Security

cppm need to online update fingerprint，the customer wants to restrict CPPM's access to the Internet, which URLs and ports need to be allowed on the firewall?

------------------------------
tan xiaofeng
------------------------------

clearpass.arubanetworks.com - 443
https://www.arubanetworks.com/techdocs/ClearPass/6.10/PolicyManager/Content/CPPM_UserGuide/Admin/Software_Updates.htm?Highlight=clearpass.arubanetworks.com

We've did find allowing access to 443 on the IP address worked better than the domain name - https://104.36.248.89/ did the job.
Original Message:
Sent: May 18, 2022 09:25 AM
From: tan xiaofeng
Subject: clearpass internet access

cppm need to online update fingerprint，the customer wants to restrict CPPM's access to the Internet, which URLs and ports need to be allowed on the firewall?

------------------------------
tan xiaofeng
------------------------------

I would strongly recommend using the domain name, as the IP may change every now and then. Or create a rule that allows both IP and domain.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: May 19, 2022 03:21 AM
From: Nick Kershaw
Subject: clearpass internet access

clearpass.arubanetworks.com - 443
https://www.arubanetworks.com/techdocs/ClearPass/6.10/PolicyManager/Content/CPPM_UserGuide/Admin/Software_Updates.htm?Highlight=clearpass.arubanetworks.com

We've did find allowing access to 443 on the IP address worked better than the domain name - https://104.36.248.89/ did the job.
Original Message:
Sent: May 18, 2022 09:25 AM
From: tan xiaofeng
Subject: clearpass internet access

cppm need to online update fingerprint，the customer wants to restrict CPPM's access to the Internet, which URLs and ports need to be allowed on the firewall?

------------------------------
tan xiaofeng
------------------------------

Thanks guys!


Another question,starting from 6.10, Software updates are authenticated using a token rather than username and password. Tokens are obtained by clicking the Generate Token button in the HPE PassPort Credentials，Which URLs and ports need to be allowed on the firewall so that tokens can be generated and updated

------------------------------
tan xiaofeng
------------------------------

Original Message:
Sent: May 20, 2022 10:22 AM
From: Herman Robers
Subject: clearpass internet access

I would strongly recommend using the domain name, as the IP may change every now and then. Or create a rule that allows both IP and domain.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: May 19, 2022 03:21 AM
From: Nick Kershaw
Subject: clearpass internet access

clearpass.arubanetworks.com - 443
https://www.arubanetworks.com/techdocs/ClearPass/6.10/PolicyManager/Content/CPPM_UserGuide/Admin/Software_Updates.htm?Highlight=clearpass.arubanetworks.com

We've did find allowing access to 443 on the IP address worked better than the domain name - https://104.36.248.89/ did the job.
Original Message:
Sent: May 18, 2022 09:25 AM
From: tan xiaofeng
Subject: clearpass internet access

cppm need to online update fingerprint，the customer wants to restrict CPPM's access to the Internet, which URLs and ports need to be allowed on the firewall?

------------------------------
tan xiaofeng
------------------------------

The update token is generated from the admin's browser, then transferred into the ClearPass configuraion. No special/additional access needed from the ClearPass appliance itself.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: May 21, 2022 02:56 AM
From: tan xiaofeng
Subject: clearpass internet access

Thanks guys!


Another question,starting from 6.10, Software updates are authenticated using a token rather than username and password. Tokens are obtained by clicking the Generate Token button in the HPE PassPort Credentials，Which URLs and ports need to be allowed on the firewall so that tokens can be generated and updated

------------------------------
tan xiaofeng

Original Message:
Sent: May 20, 2022 10:22 AM
From: Herman Robers
Subject: clearpass internet access

I would strongly recommend using the domain name, as the IP may change every now and then. Or create a rule that allows both IP and domain.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: May 19, 2022 03:21 AM
From: Nick Kershaw
Subject: clearpass internet access

clearpass.arubanetworks.com - 443
https://www.arubanetworks.com/techdocs/ClearPass/6.10/PolicyManager/Content/CPPM_UserGuide/Admin/Software_Updates.htm?Highlight=clearpass.arubanetworks.com

We've did find allowing access to 443 on the IP address worked better than the domain name - https://104.36.248.89/ did the job.
Original Message:
Sent: May 18, 2022 09:25 AM
From: tan xiaofeng
Subject: clearpass internet access

cppm need to online update fingerprint，the customer wants to restrict CPPM's access to the Internet, which URLs and ports need to be allowed on the firewall?

------------------------------
tan xiaofeng
------------------------------