Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass service Headers

  • 1.  ClearPass service Headers

    Posted 15 days ago

    Hello, our org hired a contractor to build our ClearPass services. 

    The person is using an inactive TACACS+ service as a header/placeholder title for the services below it. I am working on rebuilding a working TACACS+ service. I got an error message that a TACACS+ service already exists. I think the header idea is a good one but wrongly implemented. Does anyone use an inactive non-service as a header to organize their services? If so, what would be a recommendation to replace it with? I am thinking I should use "web based health check"; it is one of the few service types my org is not using and has no clear use for in the near future. Thank you. Best

    Name                     Type                     Status
    --------Header-------    TACACS+ enforcement      Disabled
    Real running service     Real running service     Real running service




  • 2.  RE: ClearPass service Headers

    Posted 15 days ago

    Hi,

    I don't think there is a good practice as there is currently no proper way to "classify" your services.

    The solution is, as you said, to use a disabled service. As long as it is disabled, you can basically use any service type. From my side, I usually use a simple service to configure as I don't want to spend time on this, but you can also use a type that you don't use in all your services for a better understanding.

    I also use a specific name format for these separators and it looks like your capture (hyphens or underscores with the name in the middle) so I can easily see that it is a separator and not a production service.

    Hope it helps!




  • 3.  RE: ClearPass service Headers

    Posted 14 days ago

    I've seen this done before.  I really don't like it and I don't personally see the point.  It's not something I do for my customers.




  • 4.  RE: ClearPass service Headers

    Posted 13 days ago

    I have done such separators for some customers. I always disable the service and also create a filter that can never be true like username EQUALS abc123 AND username NOT_EQUALS abc123.

    For the visual appearance it can be good for at least some persons to have the separators like this. Maybe depending on how much you have been working with ClearPass.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 5.  RE: ClearPass service Headers

    Posted 12 days ago

    I use separators quite a lot. I just define a dummy service and disable it. It really helps me when I have a lot of services and provides visual separation between different service types.



    ------------------------------
    Gorazd Kikelj
    MVP Guru 2024
    ------------------------------



  • 6.  RE: ClearPass service Headers

    MVP
    Posted 9 days ago

    We have found Service headers useful when you have many services. We have also developed headers for Role mapping.

    For Service we add an Aruba Application Authentication service with the condition Application Name NOT_EXISTS

    For Role Mapping, we use the rule Authentication:Username NOT_EXISTS

    We feel, in both cases, they are guaranteed to always get skipped.



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------