Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

About User's Role in ClearPass Policy Manager

  • 1.  About User's Role in ClearPass Policy Manager

    Posted 27 days ago

    Can ClearPass Policy Manager dynamically calculate User 1's Role based on Health-Check results? 

    For example: We need a user with Tips: Posture equal to Healthy mapped to the role Full_Access, and when this user violates the policy, meaning the posture result is Quarantine, they should be mapped to the Deny role.



  • 2.  RE: About User's Role in ClearPass Policy Manager

    Posted 26 days ago

    Yes, you can do that:

    The screenshot is from a video that shows how to configure everything: video 1 (the screenshot is from video 3 on OnGuard).



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: About User's Role in ClearPass Policy Manager

    Posted yesterday

    Hi Herman, 
    How can I map a role for a user with an IP pool?

    In the mapping rule editor I can map a rule with Connection-Src-IP-Address - contains -- x.x.x. to Role Test. But it only works with subnet mask 24.
    I need to map roles with a smaller subnet, for example:

    User A with : Connection - Src-IP-Address 192.168.100.10 to Role TEST1. 

    User B with : Connection - Src-IP-Address 192.168.100.101 to Role TEST2. 

    How can I do it? Please guide me, thanks!




  • 4.  RE: About User's Role in ClearPass Policy Manager

    Posted an hour ago

    Hi,

    The Connection:Src-IP-Address attribute contains the IP address of the NAD device (switch or WLC) to which the user is connecting/authenticating. Are you sure this is the value you would like to base your decision on?

    Regards,

    Thiyagarajan




  • 5.  RE: About User's Role in ClearPass Policy Manager

    Posted 49 minutes ago

    Yes, we divide and identify departments based on the IP pool, so I need to use this parameter to assign the Endpoint to its correct Roles. The issue arises when the network admin wants to split the pool into /25 and /26 as I mentioned above.
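
Added example, not part of the thread and not ClearPass rule syntax: a Python sketch of why a text "contains" match cannot express the /25 and /26 pools from posts 3 and 5, next to a longest-prefix CIDR match. The pool boundaries, the TEST3 role and the fallback to Deny are assumptions; which address attribute to evaluate is the question raised in post 4.

```python
import ipaddress

# Constructed pools inside 192.168.100.0/24. TEST1/TEST2 and the two sample
# addresses come from the thread; the boundaries and TEST3 are assumptions.
POOL_ROLES = {
    "192.168.100.0/26": "TEST1",    # .0   - .63
    "192.168.100.64/26": "TEST2",   # .64  - .127
    "192.168.100.128/25": "TEST3",  # .128 - .255
}


def role_by_substring(address, rules):
    """First rule whose text occurs in the address wins (a 'contains' match)."""
    for needle, role in rules:
        if needle in address:
            return role
    return None


def role_by_cidr(address, pools=POOL_ROLES, default="Deny"):
    """Return the role of the most specific pool holding address, else default."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return default  # unparsable input falls through to the default role
    best_len, best_role = -1, default
    for cidr, role in pools.items():
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net and net.prefixlen > best_len:
            best_len, best_role = net.prefixlen, role
    return best_role


if __name__ == "__main__":
    text_rules = [("192.168.100.10", "TEST1"), ("192.168.100.101", "TEST2")]
    for ip in ("192.168.100.10", "192.168.100.101", "192.168.100.200", "10.1.1.1"):
        print(ip, role_by_substring(ip, text_rules), role_by_cidr(ip))
```

The text rule for 192.168.100.10 also matches 192.168.100.101, so User B lands in TEST1, while the CIDR match places each address in its own pool.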