BLOG

/BLOG

Use Case: IPsec VPN For Remote User With Forti-Client

  In the above use case, the user is able to access the office network and also use the internet through the IPSec VPN tunnel. The advantage is that UTM can be applied for internet traffic.   Instead of using SSL VPN for remote users, the network admin can configure a dial-up IPSec tunnel for [...]

By | March 25th, 2020|BLOG, Case studies/WP, Case studies/WP, Fortigate|0 Comments

Adding licenses on Clearpass

There are multiple features we can use on Clearpass each of which requires a license. These include Platform, Access, Onguard and Onboard. ClearPass Platform Activation Key: The ClearPass Platform License is the base-level license and enables ClearPass on the appliance, including the Policy Manager and Guest user interface. You must have a ClearPass Platform license [...]

By | March 17th, 2020|Aruba, BLOG, ClearPass, ClearPass|0 Comments

Aruba MPSK implementation per user instead of per device

Introduction:   Aruba MPSK was introduced in the AOS release 8.4.x, a feature using which you can leverage the use of different PSK’s for different devices. The traditional approach is well documented in the link below: https://community.arubanetworks.com/t5/Security/Setting-up-MPSK-for-headless-IoT-devices/td-p/522858   Need for per user MPSK:   We at Airowire Networks had the privilege of working with a [...]

By | March 17th, 2020|Aruba, BLOG, ClearPass, ClearPass|0 Comments

Use Case: FortiGate active-passive HA in AWS environment between two different Availability Zones

In the AWS environment, we can deploy and also perform HA between two different Fortigate Instances residing in two different Availability Zones. One FortiGate unit acts as a master/primary node and other as a slave/secondary node. This HA is called "Unicast HA" specific to the AWS environment in comparison to an equivalent feature provided by [...]

By | March 11th, 2020|BLOG, Fortigate|0 Comments

Use Case: Fortigate SD-WAN Implementation Across PAN India Using Fortimanager

Introduction to SD-WAN SD-WAN is a software-defined wide area network architecture that enables organizations to modernize their traditional WAN networks to meet the growing needs of digital evolution. With SD-WAN solutions, organizations gain high-performance networking capabilities that support digital transformation (DX) initiatives to simplify operations which enhance business agility. Client’s Infrastructure The customer is a [...]

By | March 3rd, 2020|BLOG, Case studies/WP, Case studies/WP, Fortigate|0 Comments

Why is it a bad idea to use port 389 for LDAP communication between Clearpass and your Active Directory?

What is LDAP: LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection-oriented transfer services. LDAP is defined in RFC2251 "The Lightweight Directory Access Protocol (v3).   Connection between LDAP and Clearpass: On [...]

By | February 20th, 2020|Aruba, BLOG, ClearPass, ClearPass|0 Comments

How to install a certificate on Active Directory for Secure LDAP over TCP port 636

What is LDAPS (Lightweight Directory Access Protocol Over Secure Socket Links): LDAPS is a distributed IP directory protocol like LDAP, but which incorporates SSL for greater security. The default port for an LDAPS service provider URL is 636. Among the two ports used for LDAP, TCP/UDP 389 and TCP 636, the latter is always recommended [...]

By | February 18th, 2020|Aruba, BLOG, ClearPass, ClearPass|0 Comments

How to Integrate ClearPass with Airwave

Aruba AirWave is an easy-to-use network operations system that manages wired and wireless infrastructure from Aruba and a wide range of third-party manufacturers.   It also includes visibility and controls that let you optimize how devices and applications perform on your network.   The ClearPass-AirWave integration provides a centralized and intuitive user interface, which [...]

By | February 8th, 2018|Aruba, BLOG, ClearPass|0 Comments

How to disable MAC and IP encryption on Ruckus Virtual SmartZone High Scale (vSZ-H).

Are you attempting to use the client MAC address from the browser redirect URL in a custom workflow (hotspot/WISPr) on the Ruckus Virtual SmartZone infrastructure?   Do you notice that encrypted text is displayed instead of the client MAC address as seen below?   https://<captiveportal-server>/guest/ruckus_secuair_splash.php?nbiIP=10.xx.xx.xx&client_mac=ENC618c410c07b38a2423aa9bbc4f60e1132d0bf93f9f60a7d8 &reason=Un-Auth-Captive&wlanName=TEST&dn=host.domain.com&ssid=TEST&mac=84:18:3a:36:21:30&url=http:%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkID%3D219472%26clcid%3D0x409 &proxy=0&vlan=1&wlan=26&sip=host.domain.com&zoneName=PPrvD96nZGV3g4VcjuM26g_1492591016766&uip=ENC5e0ae99b6d5548edaf874ed5a9bc0b15&_browser=1   As a security measure, MAC-IP encryption is [...]

By | January 9th, 2018|BLOG|0 Comments

How to enable HPE passport credentials on Clearpass for live signature updates on Version 6.7

On clearpass, you can avail the updates on signatures and other settings such as Posture Signature Updates, Windows Hotfixes Updates, Profile and Posture natures, Extension stores and many others, for which you will have to enable HPE passport credentials. In this video I will walk you through the process of enabling HPE passport credentials for [...]

By | January 9th, 2018|BLOG|0 Comments