advertisement
Summary Tab
The Summary tab summarizes the parameters configured in the Posture Server, Primary Server, and
Backup Server tabs. The following figure displays the Summary tab:
Figure 253: Posture Servers - Summary Tab
Configuring Audit Servers
The Policy Manager server contains built-in Nessus (version 2.X) and NMAP servers. For enterprises with existing audit server infrastructure, or with external audit servers, Policy Manager supports these servers externally.
For more information, see: l l l
Built-In Audit Servers on page 282
Custom Audit Servers on page 285
Audit Service Flow Control
Audit servers evaluate posture, role, or both for unmanaged or unmanageable clients. One example is clients that lack an adequate posture agent or an 802.1X supplicant. For example, printers, PDAs, or guest users might not be able to send posture credentials or identify themselves.
A Policy Manager Service can trigger an audit by sending a client ID to a pre-configured audit server, and the server returns attributes for role mapping and posture evaluation.
Audit servers are configured at a global level. Only one audit server can be associated with a service. The flowof-control of the audit process is shown in the figure.
For more information, see
Configuring Audit Servers on page 281 .
ClearPass Policy Manager 6.5 | User Guide Posture | 281
Figure 254: Flow of Control of Policy Manager Auditing
Built-In Audit Servers
When you configure an audit as part of a Policy Manager service, you can select the default Nessus (Nessus
Server) or NMAP (Nmap Audit) configuration.
Adding Auditing to a Policy Manager Service
1. Navigate to the Audit tab from one of the following locations: l
To configure an audit server for a new service (as part of the flow of the Add Service wizard), navigate to
Configuration > Services. Select the Add Services link in the top-right corner. In the Add Services form, select the Audit tab.
You must select the Audit End-hosts check box on the Services tab to display the Audit tab.
282 | Posture ClearPass Policy Manager 6.5 | User Guide
l
To modify an existing audit server, navigate to Configuration > Posture > Audit Servers, then select an audit server from the list.
2. Configure auditing and complete the fields in the Audit tab as described in
Figure 255: Audit Tab
ClearPass Policy Manager 6.5 | User Guide Posture | 283
Table 153: Audit tab
Parameter Description
Audit
Server
Select a built-in server profile from the list: l The [Nessus Server] performs vulnerability scanning and returns a
Healthy/Quarantine result.
l The [Nmap Audit] performs network port scans. The health evaluation always returns a Healthy result. The port scan gathers attributes that allow determination of role(s) through post-audit rules.
For Policy Manager to trigger an audit on an end-host, it needs to get the IP address of the end-host. The IP address of the end-host is not available at the time of initial authentication for 802.1X and MAC authentication requests. Policy Manager has a builtin DHCP snooping service that can examine DHCP request and response packets to derive the IP address of the end-host. For this to work, you need to use this service,
Policy Manager must be configured as a DHCP “IP Helper” on your router/switch in addition to your main DHCP server. Refer to your switch documentation for “IP Helper” configuration.
To audit devices that have a static IP address assigned, it is recommended to create a static binding between the MAC and IP address of the endpoint in your DHCP server.
Refer to your DHCP server documentation for configuring such static bindings.
NOTE: Policy Manager does not issue the IP address; it only examines the DHCP traffic to derive the IP address of the end-host.
Audit
Trigger
Conditions
Select from the following audit trigger conditions: l Always: Always perform an audit.
l l
When posture is not available: Perform audit only when posture credentials are not available in the request.
For MAC Authentication Request: If you select this option, then Policy Manager presents the following three additional settings: n n
For known end-hosts only: For example, select this option when you want to reject unknown end-hosts and to audit known clients. Known end-hosts are defined as clients that are found in the authentication source(s) associated with this service.
For unknown end-hosts only: For example, select this option when known endhosts are assumed to be healthy, but you want to establish the identity of unknown end-hosts and assign roles. Unknown end-hosts are end-hosts that are not found in any of the authentication sources associated with this service.
n For all end-hosts: For both known and unknown end-hosts.
Action after audit
Select an Action after audit. Performing audit on a client is an asynchronous task, which means the audit can be performed only after the MAC authentication request is completed and the client has acquired an IP address through DHCP. Once the audit results are available, there should be a way for Policy Manager to re-apply policies on the network device. This can be accomplished in one of the following ways: l
No Action: The audit will not apply policies on the network device after this audit.
l l
Do SNMP bounce: This option will bounce the switch port or force an 802.1X
reauthentication (both done using SNMP). Bouncing the port triggers a new
802.1X/MAC authentication request by the client. If the audit server already has the posture token and attributes associated with this client in its cache, it returns the token and the attributes to Policy Manager.
Trigger RADIUS CoA action: This option sends a RADIUS CoA command to the network device.
284 | Posture ClearPass Policy Manager 6.5 | User Guide
Modifying Built-In Audit Servers
To reconfigure a default Policy Manager audit servers:
1. Open the audit server profile. Navigate to Configuration > Posture > Audit Servers, then select an audit server from the list of available servers.
Figure 256: Audit Servers Listing
2. Modify the profile, plugins, and/or preferences.
l
In the Audit tab, you can modify the In Progress Posture Status and Default Posture Status.
l l
If you selected a NESSUS Server, then the Primary/Backup Server tabs allow you to specify a scan profile. In addition, when you add a new scan profile, you can select plugins and preferences for the profile. Refer to
Nessus Scan Profiles on page 287
for more information.
The built-in Policy Manager Nessus audit server ships with approximately 1000 most commonly used
Nessus plugins.
In the Rules tab, you can create post-audit rules for determining role based on identity attributes discovered by the audit. For more information on creating post-audit rules, see
.
Custom Audit Servers
For enterprises with existing audit server infrastructure or preferring custom audit servers, Policy Manager supports NESSUS (2.x and 3.x) and NMAP scans using the NMAP plug-in on these external Nessus servers.
To configure a custom audit server:
1. Open the Audit page.
l
To configure an audit server for a new service (as part of the flow of the Add Service wizard), navigate to
Configuration > Posture > Audit Servers, then click Add Audit Server.
l
To modify an existing audit server, navigate to Configuration > Posture > Audit Server, and select an audit server.
2. Add a custom audit server l
When you click Add Audit Server, Policy Manager displays the Add Audit Server page. Configuration settings vary depending on audit server type: n n
Nessus Audit Server on page 285
Nessus Audit Server
Policy Manager uses the Nessus audit server interface primarily to perform vulnerability scanning. It returns a
Healthy/Quarantine result. The Audit tab identifies the server and defines configuration details.
ClearPass Policy Manager 6.5 | User Guide Posture | 285
Figure 257: Nessus Audit Server - Audit Tab
Table 154: Nessus Audit Server - Audit Tab
Parameter Description
Name Specify the name of the audit server.
Description
Type
In-Progress
Posture Status
Default Posture
Status
Enter the description that provides additional information about the audit server.
Specify the type of audit server from NMAP or NESSUS.
Specifies the posture status during audit. Select the status from the drop-down list.
Specifies the posture status if evaluation does not return a condition/action match.
Select the status from the drop-down list.
The Primary Server and Backup Server tabs specify connection information for the NESSUS audit server.
286 | Posture ClearPass Policy Manager 6.5 | User Guide
Figure 258: Nessus Audit Server - Primary and Backup Tabs
Table 155: Nessus Audit Server - Primary and Backup Server Tabs
Parameter Description
Server Name and
Port/ Username/
Password
Scan Profile
Specifies the standard NESSUS server configuration fields.
NOTE: For the backup server to be invoked on primary server failover, check the
Enable to use backup when primary does not respond check box.
You can accept the default scan profile or select Add/Edit Scan Profile to create other profiles and add them to the scan profile list. Refer to
.
The Rules tab specifies rules for post-audit evaluation of the request to assign a role. For more information, refer to
.
Nessus Scan Profiles
A scan profile contains a set of scripts (plugins) that perform specific audit functions. To Add/Edit Scan Profiles, select Add/Edit Scan Profile (link) from the Primary Server tab of the Nessus Audit Server configuration.
The Nessus Scan Profile Configuration page displays.
ClearPass Policy Manager 6.5 | User Guide Posture | 287
Figure 259: Nessus Scan Profile Configuration Page
You can refresh the plugins list (after uploading plugins into Policy Manager, or after refreshing the plugins on your external Nessus server) by clicking Refresh Plugins List. The Nessus Scan Profile Configuration page provides three views for scan profile configuration: l
The Profile tab identifies the profile and provides a mechanism for selection of plugins: n
From the Filter plugins by family drop-down list, select a family to display all available member plugins in the list below. You may also enter the name of a plugin in Filter plugins by ID or name text box.
n n
Select one or more plugins by enabling their corresponding check boxes (at left). Policy Manager will remember selections as you select other plugins from other plugin families.
When finished, click the Selected Plugins tab.
288 | Posture ClearPass Policy Manager 6.5 | User Guide
Figure 260: Nessus Scan Profile Configuration - Profile Tab l
The Selected Plugins tab displays all selected plugins, plus any dependencies.
To display a synopsis of any listed plugin, click on its row.
ClearPass Policy Manager 6.5 | User Guide Posture | 289
Figure 261: Nessus Scan Profile Configuration Profile Tab - Plugin Synopsis
Of special interest is the section of the synopsis entitled Risks. To delete any listed plugin, click on its corresponding trashcan icon. To change the vulnerability level of any listed plugin, click on the link to change the level to one of
HOLE, WARN, or INFO. This action tells Policy Manager the vulnerability level that is considered to be assigned
QUARANTINE status.
Figure 262: Nessus Scan Profile Configuration - Selected Plugins Tab
Figure 263: Nessus Scan Profile Configuration Selected Plugins Tab - Vulnerability Level
For each selected plugin, the Preferences tab contains a list of fields that require entries.
In many cases, these fields will be pre-populated. In other cases, you must provide information required for the operation of the plugin.
290 | Posture ClearPass Policy Manager 6.5 | User Guide
By way of example of how plugins use this information, consider a plugin that must access a particular service, in order to determine some aspect of the client’s status; in such cases, login information might be among the preference fields.
Figure 264: Nessus Scan Profile Configuration - Preferences Tab
After saving the profile, plugin, and preference information for your new (or modified) plugin, you can go to the
Primary/Backup Servers tabs and select it from the Scan Profile drop-down list.
NMAP Audit Server
To create an NMAP audit server, Navigate to Configuration > Posture > Audit Servers page and click Add.
From the Audit tab, select the NMAP radio button in the Type field. Policy Manager uses the NMAP audit server interface exclusively for network port scans. The health evaluation always returns the Healthy status.
The port scan gathers attributes that allow determination of role(s) through post-audit rules. The NMAP audit server has the following tabs: l l l l
Audit
NMAP Options
Rules
Summary
Audit Tab
You can use the Audit tab to identify the server and define configuration details.
shows an example of the Audit tab:
ClearPass Policy Manager 6.5 | User Guide Posture | 291
Figure 265: Audit Tab - NMAP Audit Server
The following table describes the parameters configured in the Audit tab:
Table 156: Audit Tab Parameters
Parameter
Name
Description
Description
Enter the name of the NMAP audit server.
Enter the description of the NMAP audit server that provides some additional information.
Type
In Progress
Posture Status
Default Posture
Status
Specify the type of an NMAP audit server. In this context, select NMAP.
Posture status during audit. Select a status from the drop-down list.
Select the posture status if evaluation does not return a condition/action match.
Select a status from the drop-down list.
NMAP Options Tab
You can use the NMAP Options tab to specify scan configuration.
292 | Posture ClearPass Policy Manager 6.5 | User Guide
Figure 266: NMAP Options Tab
Table 157: NMAP Options Tab
Parameter Description
TCP Scan To specify a TCP scan, select from the TCP Scan drop-down list. Refer to
NMAP documentation for more information on these options. NMAP option -scanflags.
UDP Scan
Service Scan
Detect Host
Operating System
To enable, check the UDP Scan check box. NMAP option -sU.
To enable, check the Service Scan check box. NMAP option -sV.
To enable, check the Detect Host Operating System check box. NMAP option -A.
Port Range/ Host
Timeout/ In Progress
Timeout l l l
Port Range - Range of ports to scan. NMAP option -p.
Host Timeout - Give up on target host after this long. NMAP option --hosttimeout
In Progress Timeout - How long to wait before polling for NMAP results.
The Rules tab provides specifies rules for post-audit evaluation of the request to assign a role. Refer to
.
Post-Audit Rules
The Rules tab specifies rules for post-audit evaluation of the request to assign a role.
ClearPass Policy Manager 6.5 | User Guide Posture | 293
Figure 267: All Audit Server Configurations - Rules Tab
Table 158: All Audit Server Configurations - Rules Tab
Parameter Description
Rules Evaluation
Algorithm
Select first matched rule and return the role or Select all matched rules and return a set of roles.
Add Rule
Move Up/Down
Edit Rule
Remove Rule
Add a rule. Brings up the rules editor. See below.
Reorder the rules.
Brings up the selected rule in edit mode.
Remove the selected rule.
Figure 268: All Audit Server Configurations - Rules Editor
294 | Posture ClearPass Policy Manager 6.5 | User Guide
Table 159: All Audit Server Configurations - Rules Editor
Parameter Description
Conditions
Actions
The Conditions list includes five dictionaries: Audit-Status, Device-Type, Output-Msgs,
Mac-Vendor, Network-Apps, Open-Ports, and OS-Info. Refer to
The Actions list includes the names of the roles configured in Policy Manager.
Save To commit a Condition/Action pairing, click Save.
ClearPass Policy Manager 6.5 | User Guide Posture | 295
296 | Posture ClearPass Policy Manager 6.5 | User Guide
advertisement
Related manuals
advertisement
Table of contents
- 17 About ClearPass Policy Manager
- 17 About the ClearPass Access Management System
- 17 About This Guide
- 17 Getting Started
- 18 ClearPass Access Management System Overview
- 18 Key Features
- 19 Advanced Policy Management
- 20 ClearPass Specifications
- 24 Accessing Configuration Information
- 24 Introduction
- 25 Start Here
- 25 Services
- 25 Authentication and Authorization
- 26 Identity
- 26 Posture
- 26 Enforcement
- 26 Network
- 26 Policy Simulation
- 27 Profile Settings
- 27 Importing and Exporting Information
- 27 Importing Information Into ClearPass
- 28 Exporting Information Into ClearPass
- 29 Monitoring
- 29 Live Monitoring: Access Tracker
- 30 Editing the Access Tracker
- 31 Viewing Access Tracker Session Details
- 38 Live Monitoring: Accounting
- 38 Modifying the Accounting Table
- 39 RADIUS Accounting Details
- 46 TACACS+ Accounting Details
- 48 Live Monitoring: OnGuard Activity
- 54 Live Monitoring: Analysis and Trending
- 55 Live Monitoring: Endpoint Profiler
- 56 Live Monitoring: System Monitor
- 57 System Monitor Tab
- 57 Process Monitor Tab
- 59 Network Tab
- 60 ClearPass Tab
- 61 Audit Viewer
- 63 Event Viewer
- 63 Creating an Event Viewer Report Using Default Values
- 63 Creating an Event Viewer Report Using Custom Values
- 64 Viewing Report Details
- 65 Data Filters
- 66 Adding a Filter
- 68 Blacklisted Users
- 71 Services
- 71 Services Architecture and Flow
- 71 Creating Service Templates
- 71 Service Templates Provided
- 75 Services Supported for High Capacity Guest Mode
- 76 Viewing the List of Services
- 77 Viewing Existing Services
- 78 Adding and Removing Services
- 80 Reordering Services
- 82 802.1X Wired, 802.1X Wireless, and Aruba 802.1X Wireless
- 85 Aruba VPN Access with Posture Checks
- 87 Aruba Auto Sign-On
- 89 Certificate/Two-factor Authentication for ClearPass Application Login
- 91 ClearPass Admin Access
- 92 ClearPass Admin SSO Login (SAML SP Service)
- 93 ClearPass Identity Provider (SAML IdP Service)
- 94 Device Mac Authentication
- 95 EDUROAM Service
- 98 Encrypted Wireless Access via 802.1X Public PEAP method
- 99 Guest Access Web Login
- 100 Guest Access
- 101 Guest MAC Authentication
- 103 Guest Social Media Authentication
- 105 OAuth2 API User Access
- 105 Onboard
- 107 User Authentication with MAC Caching
- 110 Policy Manager Service Types
- 110 Aruba 802.1X Wireless
- 121 802.1X Wireless
- 122 802.1X Wired
- 122 MAC Authentication
- 123 Web-based Authentication
- 124 Web-based Health Check Only
- 125 Web-based Open Network Access
- 126 802.1X Wireless - Identity Only
- 126 802.1X Wired - Identity Only
- 126 RADIUS Enforcement (Generic)
- 127 RADIUS Proxy
- 128 RADIUS Authorization
- 129 TACACS+ Enforcement
- 129 Aruba Application Authentication
- 130 Aruba Application Authorization
- 130 Cisco Web Authentication Proxy
- 133 Authentication and Authorization
- 133 Supported Authentication Methods
- 133 Authentication and Authorization Architecture and Flow
- 135 Configuring Authentication Components
- 137 Adding and Modifying Authentication Methods
- 138 Authorize Authentication Method
- 139 CHAP and EAP-MD5
- 139 EAP-FAST
- 144 EAP-GTC
- 146 EAP-MSCHAPv2
- 146 EAP-PEAP
- 149 EAP-PEAP-Public
- 152 EAP-PWD
- 153 EAP-TLS
- 155 EAP-TTLS
- 158 MAC-AUTH
- 158 MSCHAP
- 159 PAP
- 161 Adding and Modifying Authentication Sources
- 162 Generic LDAP and Active Directory
- 175 Generic SQL DB
- 180 HTTP
- 185 Kerberos
- 188 Okta
- 193 RADIUS Server
- 196 Static Host List
- 198 Token Server
- 203 Configuring Identity Settings
- 203 Configuring Single Sign-On
- 203 SAML Service Provider (SP) Configuration
- 204 Identity Provider (IdP) Configuration
- 204 Managing Local Users
- 205 Adding a Local User
- 206 Modifying a Local User Account
- 207 Importing and Exporting Local Users
- 207 Setting Password Policy for Local Users
- 208 Adding and Modifying Static Host Lists
- 210 Adding and Modifying Endpoints
- 210 Viewing List of Authentication Endpoints
- 211 Viewing Endpoint Authentication Details
- 211 Triggering Actions Performed on Endpoints
- 212 Updating Device Fingerprints From a Hosted Portal
- 214 Manually Adding an Endpoint
- 214 Modifying an Endpoint
- 217 Configuring a Role and Role Mapping Policy
- 217 Identity Roles Architecture and Workflow
- 219 Adding and Modifying Roles
- 219 Adding and Modifying Role Mapping Policies
- 223 Posture
- 223 Posture Methods
- 223 Posture Architecture and Flow
- 225 Configuring Posture Policy Agents and Hosts
- 226 NAP Agent
- 228 OnGuard Agent (Persistent or Dissolvable)
- 231 Configuring Posture Policy Plug-ins
- 232 Configuring NAP Agent Plugins
- 233 Configuring OnGuard Agent Plugins
- 275 Configuring Posture Policy Rules
- 276 Configuring Posture for Services
- 278 Configuring Posture Servers
- 279 Posture Server Tab
- 280 Primary Server and Backup Server Tabs
- 281 Summary Tab
- 281 Configuring Audit Servers
- 281 Audit Service Flow Control
- 282 Built-In Audit Servers
- 285 Custom Audit Servers
- 293 Post-Audit Rules
- 297 Configuring Enforcement
- 297 Configuring Enforcement Policies
- 299 Configuring Enforcement Profiles
- 301 Agent Enforcement
- 305 Aruba Downloadable Role Enforcement
- 315 Aruba RADIUS Enforcement
- 317 Cisco Downloadable ACL Enforcement
- 319 Cisco Web Authentication Enforcement
- 321 ClearPass Entity Update Enforcement
- 323 CLI Based Enforcement
- 325 Filter ID Based Enforcement
- 327 Generic Application Enforcement
- 329 HTTP Based Enforcement
- 330 RADIUS Based Enforcement
- 332 RADIUS Change of Authorization (CoA)
- 334 Session Notification Enforcement
- 336 Session Restrictions Enforcement
- 338 SNMP Based Enforcement
- 339 TACACS+ Based Enforcement
- 341 VLAN Enforcement
- 345 Configuring Policy Simulation
- 345 Active Directory Authentication Simulation
- 346 Adding an Active Directory Simulation
- 346 Viewing the Simulation Results
- 347 Application Authentication Simulation
- 347 Simulation Tab
- 347 Attributes Tab
- 348 Results tab
- 348 Audit Simulation
- 349 Results Tab
- 350 Chained Simulation
- 350 Simulation Tab
- 350 Attributes Tab
- 352 Results Tab
- 352 Enforcement Policy Simulation
- 353 Simulation Tab
- 355 Attributes tab
- 355 Results Tab
- 356 RADIUS Authentication Simulation
- 356 Adding a RADIUS Authentication Simulation
- 358 Setting the Attributes to Be Tested
- 360 Viewing the Simulation Results
- 361 Role Mapping Simulation
- 361 Simulation Tab
- 362 Attributes Tab
- 363 Results Tab
- 363 Service Categorization Simulation
- 364 Simulation Tab
- 364 Attributes Tab
- 365 Results Tab
- 365 Import and Export Simulations
- 367 ClearPass Policy Manager Profile
- 367 ClearPass Profile Overview
- 367 Introduction
- 367 Enabling Endpoint Classification
- 368 Configuring CoA for an Endpoint-Connected Device
- 369 How Profile Classifies Endpoints
- 370 Fingerprint Dictionaries
- 371 Viewing Live Endpoint Information for a Specific Device
- 372 About the Device Profile
- 372 Endpoint Information Collectors
- 372 DHCP Collector
- 373 ClearPass Onboard Collector
- 373 HTTP User-Agent Strings Collector
- 373 MAC OUI Collector
- 373 ActiveSync Plugin Collector
- 374 CPPM OnGuard Agent
- 374 SNMP Collector
- 376 Subnet Scan Collector
- 377 SNMP Configuration for Wired Network Profiling
- 379 Network Access Devices
- 379 Introduction
- 379 Adding and Modifying Devices
- 380 Adding a Device
- 386 Additional Tasks
- 386 Adding and Modifying Device Groups
- 389 Adding and Modifying Proxy Targets
- 389 Adding a Proxy Target
- 391 Administration
- 392 ClearPass Portal
- 393 Admin Users
- 393 Adding an Admin User
- 394 Importing and Exporting Admin Users
- 394 Setting Password Policy for Admin Users
- 395 Admin Privileges
- 396 Creating Custom Administrator Privileges
- 396 Administrator Privilege XML File Structure
- 397 Administrator Privileges and IDs
- 400 Sample Administrator Privilege XML File
- 401 Server Configuration
- 402 Edit Server Configuration Settings
- 434 Set Date & Time
- 436 Change Cluster Password
- 437 Policy Manager Zones
- 438 NetEvents Targets
- 439 Virtual IP Settings
- 440 Clear Machine Authentication Cache
- 441 Make Subscriber
- 442 Cluster-Wide Parameters
- 454 Collect Logs
- 455 Backup
- 456 Restore
- 458 Cleanup
- 459 Shutdown/Reboot
- 460 Drop Subscriber
- 460 Log Configuration
- 460 Service Log Configuration
- 462 System Level
- 463 Local Shared Folders
- 463 License Management
- 463 Licensing Main Page
- 464 Adding an Application License
- 465 Activating a Server License
- 466 Activating an Application License
- 467 Updating a Server License
- 468 Updating an Application License
- 469 SNMP Trap Receivers
- 470 SNMP Trap Receivers Main Page
- 470 Adding an SNMP Trap Server
- 471 Importing an SNMP Trap Server
- 472 Exporting All SNMP Trap Servers
- 472 Exporting an SNMP Trap Server
- 473 Deleting an SNMP Trap Server
- 473 Syslog Targets
- 474 Syslog Targets Main Page
- 474 Adding a Syslog Target
- 475 Importing a Syslog Target
- 476 Exporting All Syslog Target
- 477 Exporting a Syslog Target
- 478 Deleting a Syslog Target
- 478 Syslog Export Filters
- 479 Syslog Export Filters Main Page
- 480 Adding a Syslog Export Filter
- 487 Importing a Syslog Filter
- 488 Exporting All Syslog Filter
- 489 Exporting a Syslog Filter
- 490 Deleting a Syslog Filter
- 490 Messaging Setup
- 492 Endpoint Context Servers
- 492 Introduction
- 492 Endpoint Context Servers Page
- 493 Adding an Endpoint Context Server
- 494 Importing an Endpoint Context Server
- 495 Exporting All Endpoint Context Servers
- 496 Modifying an Endpoint Context Server
- 501 Polling an Endpoint Context Server
- 501 Deleting an Endpoint Context Server
- 501 Configuring Endpoint Context Server Actions
- 501 Filtering an Endpoint Context Server Action Report
- 501 Configuring Endpoint Context Server Actions
- 505 Adding machine-os and host-type Endpoint Attributes
- 507 Adding Vendor-Specific Endpoint Context Servers
- 507 Adding an AirWatch Endpoint Context Server
- 510 Adding an AirWave Endpoint Context Server
- 511 Adding an Aruba Activate Endpoint Context Server
- 513 Adding a ClearPass Cloud Proxy Endpoint Context Server
- 515 Adding a Google Admin Console Endpoint Context Server
- 517 Adding a Generic HTTP Endpoint Context Server
- 518 Adding a JAMF Endpoint Context Server
- 519 Adding a MaaS360 Endpoint Context Server
- 522 Adding a MobileIron Endpoint Context Server
- 524 Adding a Palo Alto Networks Firewall Endpoint Context Server
- 525 Adding a Palo Alto Networks Panorama Endpoint Context Server
- 527 Adding an SAP Afaria Endpoint Context Server
- 529 Adding an SOTI Endpoint Context Server
- 530 Adding a XenMobile Endpoint Context Server
- 532 File Backup Servers
- 533 Server Certificate
- 533 Server Certificate Main Page
- 534 Server Certificate Type
- 536 Creating a Certificate Signing Request
- 539 Creating a Self-Signed Certificate
- 544 Exporting a Server Certificate
- 544 Importing a Server Certificate
- 545 Certificate Trust List
- 545 Certificate Trust List Main Page
- 546 Adding a Certificate
- 546 Viewing a Certificate Detail
- 546 Deleting a Certificate
- 547 Certificate Revocation Lists
- 547 Certificate Revocation Lists Main Page
- 547 Adding a Certificate Revocation List
- 548 Deleting a Certificate Revocation List
- 548 Using ClearPass Dictionaries
- 549 RADIUS Dictionary
- 550 Import RADIUS Dictionary
- 550 Posture Dictionary
- 552 TACACS+ Services Dictionary
- 553 Fingerprints Dictionary
- 554 Dictionary Attributes
- 554 Introduction
- 555 Adding a Dictionary Attribute
- 556 Modifying Dictionary Attributes
- 556 Importing Dictionary Attributes
- 557 Exporting All Dictionary Attributes
- 558 Exporting Selected Dictionary Attributes
- 558 Applications Dictionaries
- 558 Viewing an Application Dictionary
- 559 Deleting an Application Dictionary
- 559 OnGuard Settings
- 560 OnGuard Settings Main Page
- 562 Updating Policy Manager Software
- 563 Software Updates Main Page
- 564 Install Update Dialog Box
- 566 Reinstalling a Patch
- 566 Uninstalling a Skin, Translation, or Plugin
- 566 Updating Policy Manager Software
- 567 Software Updates Main Page
- 569 Install Update Dialog Box
- 570 Reinstalling a Patch
- 570 Uninstalling a Skin, Translation, or Plugin
- 571 Contact Support
- 571 Remote Assistance
- 571 Remote Assistance Process Flow
- 572 Adding a Remote Assistance Session
- 574 Documentation
- 577 Command Line Interface
- 577 Cluster Commands
- 577 cluster drop-subscriber
- 578 cluster list
- 578 cluster make-publisher
- 578 cluster make-subscriber
- 579 cluster reset-database
- 579 cluster set-cluster-passwd
- 580 cluster sync-local-passwd
- 580 Configure Commands
- 580 date
- 581 dns
- 581 fips-mode
- 582 hostname
- 582 ip
- 583 ip6
- 583 mtu
- 585 timezone
- 585 Network Commands
- 585 ip
- 587 ip6
- 588 nslookup
- 589 ping
- 589 ping6
- 590 reset
- 590 traceroute
- 590 traceroute6
- 591 Service Commands
- 591 service <action> <service-name>
- 593 Show Commands
- 593 all-timezones
- 593 date
- 593 dns
- 594 domain
- 594 fipsmode
- 594 hostname
- 594 ip
- 595 license
- 596 sysinfo
- 596 timezone
- 596 version
- 597 System Commands
- 597 apps-access-reset
- 597 boot-image
- 598 cleanup
- 599 gen-recovery-key
- 599 gen-support-key
- 599 install-license
- 599 morph-vm
- 600 refresh-license
- 600 reset-server-certificate
- 601 restart
- 601 shutdown
- 601 sso-reset
- 602 start-rasession
- 602 status-rasession
- 602 terminate-rasession
- 602 update
- 603 upgrade
- 605 Miscellaneous Commands
- 605 ad auth
- 605 ad netjoin
- 606 ad netleave
- 606 ad testjoin
- 606 alias
- 607 backup
- 607 dump certchain
- 608 dump logs
- 608 dump servercert
- 609 exit
- 609 help
- 609 krb auth
- 610 krb list
- 610 ldapsearch
- 610 quit
- 611 restore
- 611 system start-rasession
- 612 system terminate-rasession
- 612 system status-rasession
- 613 Rules Editing and Namespaces
- 613 Namespaces
- 614 Application Namespace
- 615 Audit Namespaces
- 615 Authentication Namespaces
- 617 Authorization Namespaces
- 618 Certificate Namespaces
- 619 Connection Namespaces
- 620 Date Namespaces
- 620 Device Namespaces
- 621 Endpoint Namespaces
- 621 Guest User Namespaces
- 621 Host Namespaces
- 621 Local User Namespaces
- 622 Posture Namespaces
- 622 RADIUS Namespaces
- 623 Tacacs Namespaces
- 623 Tips Namespaces
- 623 Variables
- 624 Operators
- 629 SNMP Private MIB, SNMP Traps, System Events, Error Codes
- 629 ClearPass SNMP Private MIB
- 629 Introduction
- 629 System MIB Entries
- 630 RADIUS Server MIB Entries
- 631 Policy Server MIB Entries
- 632 Web Authentication Server MIB Entries
- 633 TACACS+ Server MIB Entries
- 634 Network Traffic MIB Entries
- 634 ClearPass SNMP Traps and OIDs
- 635 Introduction
- 635 ClearPass SNMP Traps
- 636 SNMP Trap Details
- 637 SNMP Daemon Traps
- 637 SNMP Daemon Trap Events
- 637 Network Interface up and Down Events
- 637 Network Interface Status Traps
- 638 CPPM Processes Stop and Start Events
- 638 Disk Space Threshold Traps
- 638 Disk Utilization Threshold Exceed Events
- 638 Process Status Traps
- 646 CPU Load Average Exceed Events for 1, 5, and 15 Minute Thresholds
- 646 CPU Load Average Traps
- 647 Important System Events
- 647 Admin UI Events
- 647 Admin Server Events
- 648 Async Service Events
- 648 ClearPass/Domain Controller Events
- 648 ClearPass System Configuration Events
- 648 ClearPass Update Events
- 649 Cluster Events
- 649 Command Line Events
- 649 DB Replication Services Events
- 649 Licensing Events
- 649 Policy Server Events
- 650 RADIUS/TACACS+ Server Events
- 650 SNMP Events
- 650 Support Shell Events
- 650 System Auxiliary Service Events
- 650 System Monitor Events
- 651 Service Names
- 651 Error Codes
- 655 Use Cases
- 655 802.1X Wireless Use Case
- 656 Configuring a Service
- 657 Creating a New Role Mapping Policy
- 661 Web Based Authentication Use Case
- 661 Configuring a Service
- 668 MAC Authentication Use Case
- 668 Configuring the Service
- 671 TACACS+ Use Case
- 671 Configuring the Service
- 672 Single Port Use Case
- 673 OnGuard Dissolvable Agent
- 673 Introduction
- 673 Native Agents Only Mode
- 674 Configuring Workflow in Native Agents Only Mode
- 675 End-to-end flow in Native Agents Only Mode
- 679 Native Agents with Java Fallback Mode
- 679 Configuring Native Agents with Java Fallback Mode
- 680 End-to-end flow in Native Agents with Java Fallback Mode
- 680 Configuring Web Agent Flow - Java Only Mode
- 680 Configuring Web Agent Flow in ClearPass Policy Manager
- 681 Configuring Web Agent Flow in ClearPass Guest
- 683 Native Dissolvable Agent - Supported Browsers
- 686 Supported Browsers and Java Versions