
Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

CPPM-use case where [Machine Authenticated] role is not matched 

Feb 02, 2021 03:03 AM

Hi community,

I would like to know in which cases CPPM considers a client device to have the [Machine Authenticated] role. Your kind support, please.

The customer needs to use 802.1X PEAP (with a RADIUS certificate signed by AD CS and a CA root from AD CS). User authentication will be against AD as an authentication source of CPPM, with one generic corporate group from their accounts. So enterprise endpoints should be tested against the following two basic conditions:

* First rule: authenticated by user and machine, so the CPPM enforcement policy should assign a corporate role
* Second rule: authenticated only by [User Authenticated], so the CPPM enforcement policy should assign a restricted role

Also, the customer is asking what happens if a corporate client device (joined to the domain) doesn't have a root CA certificate on the device and wants to connect to the corporate network. Could it be authorized based only on authentication (second rule)?
Your kind support and opinion, please. I attached what I was thinking, based on other recommendations.

Attachment: enforcement_policy_CPPM_v1.JPG (59 KB, uploaded Feb 02, 2021)
