Security

 View Only
last person joined: 20 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass Cluster Maintenance

This thread has been viewed 13 times

  • 1.  ClearPass Cluster Maintenance

    Posted Aug 19, 2022 10:49 AM

    Hello, 

    I'm operating a a 4 node ClearPass cluster running 6.9.11 on C2K hardware. Is there any periodic maintenance or optimization tasks that should get done for the ClearPass service like deleting old entries out of the endpoint DB or truncating any data?



  • 2.  RE: ClearPass Cluster Maintenance

    Posted Aug 19, 2022 11:07 AM
    Yeah best practice (depending on organization policies) would be purge stale MAC addresses from the database.  This is especially true for guest environments.

    Keep your ClearPass patched and upgraded and make sure to download (automatic or manually) the profiling fingerprint updates.

    Make sure you have a scheduled backup of your ClearPass database to an external file server.  This is especially important for hardware appliances as you can't use hypervisor level backup utilities like snapshots.
    Original Message


  • 3.  RE: ClearPass Cluster Maintenance

    Posted Aug 19, 2022 11:34 AM
    @ahollifield thanks for the reply. We're doing most of that today. Regarding your first recommendation, what is the best way to purge those stale mac addresses?​
    Original Message


  • 4.  RE: ClearPass Cluster Maintenance

    Posted Aug 19, 2022 11:43 AM
    Administration > Server Manager > Server Configuration > Cluster-Wide Parameters (top left) > Cleanup Intervals



    Original Message