Overview SSL-VPN with Multifactor Authentication that verifies that Legitimate user has connected to the network with Second Factor of Verification The Health Check of the End-Client makes sure that Only Compliant user are allowed onto the network The Setup Involves below components Fortinet Firewall as SSL-VPN Concentrator ClearPass Policy Manager and ClearPass OnGuard LDAP/AD Ping […]
Adding a new administrator on Clearpass is rather simple. Check out the video below for instructions on how to add new admin users and also create a custom admin privilege if necessary.
Introduction With the current pandemic situation most of the employees are working from home by using the VPN connections to their enterprise network. Since the employees are connecting over public network and using their personal devices, it poses a great security risk to respective enterprises. To mitigate this issue, we are integrating Fortinet VPN solution
Clearpass can be used as an accounting proxy to pass on accounting packets from your NAD devices to an external server like a firewall.etc. Purpose: ClearPass Integration with Fortinet through Radius Accounting (RSSO) would provide the User Data Flow Analysis from user perspective instead of IP address or MAC Address. Check out the
There are multiple features we can use on Clearpass each of which requires a license. These include Platform, Access, Onguard and Onboard. ClearPass Platform Activation Key: The ClearPass Platform License is the base-level license and enables ClearPass on the appliance, including the Policy Manager and Guest user interface. You must have a ClearPass Platform license
Introduction: Aruba MPSK was introduced in the AOS release 8.4.x, a feature using which you can leverage the use of different PSK’s for different devices. The traditional approach is well documented in the link below: https://community.arubanetworks.com/t5/Security/Setting-up-MPSK-for-headless-IoT-devices/td-p/522858 Need for per user MPSK: We at Airowire Networks had the privilege of working with a
Why is it a bad idea to use port 389 for LDAP communication between Clearpass and your Active Directory?
What is LDAP: LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection-oriented transfer services. LDAP is defined in RFC2251 “The Lightweight Directory Access Protocol (v3). Connection between LDAP and Clearpass: On
What is LDAPS (Lightweight Directory Access Protocol Over Secure Socket Links): LDAPS is a distributed IP directory protocol like LDAP, but which incorporates SSL for greater security. The default port for an LDAPS service provider URL is 636. Among the two ports used for LDAP, TCP/UDP 389 and TCP 636, the latter is always recommended
ClearPass Integration with Fortinet Firewall for User Level Visibility ClearPass Integration with Fortinet through Radius Accounting (RSSO) would provide the User Data Flow Analysis from user Perspective instead of IP address or MAC Address Workflow User connects to the Network, authenticating against ClearPass ClearPass sends the Radius accounting information to the Fortinet Firewall with Radius