
Translating the ClearPass name for guest without revealing the private network

Hello

Right now we are using ClearPass with a public certificate and, well, we got the redirection page on the controller: https://CN.domain.com

It works great, but the problem is that if someone does CN.domain.com at his house he will get to know the private network of the ClearPass.

We don't want that to happen.

Suggestions are welcome; if you guys can give me different options, that would be great.

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite

Re: Translating the ClearPass name for guest without revealing the private network

The controller's certificate has no relationship to ClearPass.

Also, hiding a private IP address is not a security mechanism.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: Translating the ClearPass name for guest without revealing the private network

It's a requirement of the client; they don't want that, if you do clearpass.yourdomain.com, it translates to a private network with the public DNS...

Is there a way to do this?

Also, why is it not a security mechanism? I mean, if an attacker knows the private network, he also needs to attack one of the IPs of the server inside that network. Just want to know your opinion about this.

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite

Re: Translating the ClearPass name for guest without revealing the private network

Use views or the equivalent feature on your DNS server.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
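
A sketch of the views approach suggested above, as an added example that is not part of the original reply and not Aruba's own configuration: a BIND 9 `named.conf` fragment that answers the portal name only for guest clients. The zone `example.com`, the guest subnet `10.50.0.0/16`, the ClearPass address `10.10.10.5` and the file paths are constructed placeholders.

```conf
// named.conf fragment (BIND 9). All names, subnets and paths below are
// constructed placeholders, not values from this thread.

acl "guest-wlan" {
    10.50.0.0/16;            // assumed guest client subnet behind the controller
};

options {
    directory "/var/named";
};

// Once any view is defined, every zone must live inside a view.

// View 1: guests on the captive portal network. They need the portal name
// to resolve to the ClearPass address they can actually reach.
view "guest" {
    match-clients { "guest-wlan"; };
    recursion yes;           // guests also resolve Internet names through this server
    zone "example.com" {
        type master;
        file "views/guest/example.com.zone";
        // this zone file carries:  clearpass  IN  A  10.10.10.5
    };
};

// View 2: everyone else, including resolvers on the Internet. Views are
// matched in order, so this catch-all must come last.
view "public" {
    match-clients { any; };
    recursion no;            // authoritative-only toward the Internet
    zone "example.com" {
        type master;
        file "views/public/example.com.zone";
        // this zone file has no "clearpass" record, so the name does not
        // resolve for clients outside the guest network
    };
};
```

Validate the syntax with `named-checkconf`, then query the name with `dig` from a guest client and from an outside host to confirm that only the guest view returns the private address.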

Re: Translating the ClearPass name for guest without revealing the private network

You mean, instead of using the public DNS, using their private DNS for it?

Not sure if they would like that idea; they don't want to use anything of their private network for it.

I think I once read you saying to use a DNS proxy in a router; does that work too?

The controller cannot be used as a DNS proxy in any way?

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: Translating the ClearPass name for guest without revealing the private network

Tim, question.

As far as I know, when you use the captive portal on the controller, it redirects the client to secure.arubanetworks.com and somehow it changes the securelongin.arubanetworks.com or certificate CN to the controller's IP address; it hijacks it somehow.

Is it possible to do that, but changing it to the ClearPass IP address, when you are redirecting to ClearPass with https://cn.yourdomain.com/guest/webloging.php?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite

Re: Translating the ClearPass name for guest without revealing the private network

The controller captive portal cert CN has nothing to do with the redirect destination.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |


Re: Translating the ClearPass name for guest without revealing the private network

I was telling you that because if I'm using the controller's captive portal and I do a ping, for example, to cn.mydomain.com, it translates to the controller's IP address.

What I wanted is to do the same but with the ClearPass IP address.

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite

Re: Translating the ClearPass name for guest without revealing the private network

Not really possible as you can't access ClearPass by IP address for guest workflows.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |
