Page 1 Dell Networking W-ClearPass Policy Manager 6.0 User Guide...
Page 2: Copyright Information
® System . Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc. All rights reserved. Specifications in this manual are subject to change without notice. Originated in the USA. All other trademarks are the property of their respective owners.
Page 3: Table Of Contents
Links to Use Cases and Configuration Instructions Policy Simulation Add Simulation Test Import and Exporting Simulations Import Simulations Export Simulations Export ClearPass Policy Manager Profile Device Profile Collectors DHCP Sending DHCP Traffic to CPPM Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 4 Adding Services Modifying Services Reordering Services Authentication and Authorization Architecture and Flow Configuring Authentication Components Adding and Modifying Authentication Methods MSCHAP EAP-MSCHAP v2 EAP-GTC EAP-TLS EAP-TTLS EAP-PEAP EAP-FAST MAC-AUTH CHAP and EAP-MD5 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 5 Windows Security Health Validator - NAP Agent Windows Security Health Validator - OnGuard Agent Windows System Health Validator - NAP Agent Windows System Health Validator - OnGuard Agent Adding and Modifying Posture Servers Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 6 Additional Available Tasks Adding and Modifying Device Groups Additional Available Tasks Adding and Modifying Proxy Targets Add a Proxy Target Additional Available Tasks Administration Admin Users Add User Import Users Export Users Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 7 Adding a License Activating an Application License Updating a License SNMP Trap Receivers Add SNMP Trap Server Import SNMP Trap Server Export all SNMP Trap Servers Export a Single SNMP Trap Server Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 8 Add Attribute Import Attributes Export Attributes Export OnGuard Settings Guest Portal Update Portal Install Update dialog box Updating the Policy Manager Software Upgrade the Image on a Single Policy Manager Appliance Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 9 Configure Commands date hostname timezone Network Commands nslookup ping reset traceroute Service commands <action> Show Commands all-timezones date domain hostname license timezone version System commands boot-image gen-support-key Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 10 Rules Editing and Namespaces Namespaces Variables Operators Software Copyright and License Statements PostgreSQL Copyright GNU LGPL GNU GPL Lighthttpd License Apache License OpenSSL License OpenLDAP License gSOAP Public License Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 11: About Dell Networking W-Clearpass Policy Manager
The Dell Networking W-ClearPass Policy Manager platform provides role- and device-based network access control across any wired, wireless and VPN. Software modules for the Dell Networking W-ClearPass Policy Manager platform, such as Guest, Onboard, Profile, OnGuard, QuickConnect, and Insight simplify and automate device configuration, provisioning, profiling, health checks, and guest access.
Page 12 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 13: Powering Up And Configuring Policy Manager Hardware
Configuration required. Data (gigabit Provides point of contact for RADIUS, TACACS+, Web Authentication and other data- eth1 Ethernet) plane requests. Configuration optional. If not configured, requests redirected to the management port. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 14: Server Port Configuration
Flow Control: None 2. Login Later, you will create a unique appliance/cluster administration password. For now, use the following preconfigured credentials: login: appadmin password: eTIPS123 This starts the Policy Manager Configuration Wizard. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 15: Powering Off The System
Updates > Software Updates page to view and download any available software updates. Refer to "Updating the Pol- icy Manager Software " on page 315 for more information. Powering Off the System Perform the following to power off the system gracefully without logging in: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 16: Resetting Passwords To Factory Default
4. To generate the recovery key, select option 1 (or 3, if you want to generate a support key, as well). 5. Once the password recovery key is generated, email the key to Dell technical support. A unique password will be generated from the recovery key and emailed back to you.
Page 17 5. To generate the support key, select option 2 (or 3, if you want to generate a password recovery key, as well). 6. Once the password recovery key is generated, email the key to Dell technical support. A unique password can now be generated by Dell technical support to log into the support shell.
Page 18 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 19: Policy Manager Dashboard
This shows a table of the last few authentications. Clicking on a row drills down into the Access Tracker and shows requests sorted by timestamp with the latest request showing first. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 20 Tracker and shows the requests that were categorized into that specific service. This shows a table of last few system level events. Clicking on a row drills down into the Event Viewer Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 21 ClearPass Onboard links to the ClearPass Onboard screen within the ClearPass Guest application. This application opens in a new tab. This shows links to the Dell applications that are integrated with Policy Manager. E.g., GuestConnect, Insight. This shows the status of all nodes in the cluster. The...
Page 22 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 23: Monitoring
The Access Tracker provides a real-time display of system activity, with optional auto-refresh, at: Monitoring > Live Monitoring > Access Tracker. Click on Edit to change the Access Tracker display parameters. Figure 2: Fig: Access Tracker (Edit Mode) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 24 Show 10, 20, 50 or 100 rows. Once selected, this setting is saved and available in subsequent Records logins. Table 5: Access Tracker Session Types Container Description RADIUS All RADIUS transactions (802.1X, MAC-Auth, generic RADIUS) TACACS+ All TACACS+ transactions Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 25: Viewing Session Details
Export this transaction and download as a compressed (.zip extension) file. The compressed file contains the session-specific logs, the policy XML for the transaction, and a text file containing the Access Tracker session details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 26: Accounting
Select Date Select the number of days prior to the configured date for which Accounting data is to be Range displayed. Valid number of days is 1 day to a week. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 27 Show 10, 20, 50 or 100 rows. Once selected, this setting is saved and available in subsequent records logins. Click on any row to display the corresponding Accounting Record Details. Figure 4: RADIUS Accounting Record Details (Summary tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 28 Figure 5: RADIUS Accounting Record Details (Auth Sessions tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 29 Figure 6: RADIUS Accounting Record Details (Utilization tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 30 Current connection status of the session Username Username associated with this record Termination The reason for termination of this session Cause Service The value of the standard RADIUS attribute ServiceType Type Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 31 Shows details of RADIUS attributes sent and received from the network device during the initial authentication and subsequent reauthentications (each section in the details tab corresponds to a “session” in Policy Manager. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 32 Figure 8: TACACS+ Accounting Record Details (Request tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 33 Figure 9: TACACS+ Accounting Record Details (Auth Sessions tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 34 Flags Identifier corresponding to start, stop or update accounting record Privilege Level Privilege level of administrator: 1 (lowest) to 15 (highest). Authentication Identifies the authentication method used for the access. Method Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 35: Onguard Activity
(shell), etc. OnGuard Activity The OnGuard Activity screen shows the realtime status of all endpoints that have Dell OnGuard persistent or dissolvable agent, at: Monitoring > Live Monitoring >OnGuard Activity. This screen also presents configuration tools to bounce an endpoint and to send unicast or broadcast messages to all endpoints running the OnGuard agent.
Page 36 This action results in tags being created for the specified endpoint in the Endpoints table (Configuration > Identity > Endpoints). One or more of the following tags are created: Disabled by, Disabled Reason, Enabled by, Enabled Reason, Info URL. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 37: Analysis And Trending
Category, OS Family, and Device Name items that you selected. Click on the Change Selection link to change the selection criteria used to list the devices. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 38: System Monitor
Update Now- Click on this button to update the display with the latest available data. The System Monitor Page includes two tabs: System Monitor. For the selected server, provides load statistics, including CPU, memory, swap memory, physical disk space, and swap disk space: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 39 Process Monitor. For the selected server and process, provides critical usage statistics, including CPU, Virtual Memory, and Main Memory. Use Select Process to select the process for which you want to see the usage statistics. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 40: Audit Viewer
Figure Process Monitor Graphs Audit Viewer The Audit Viewer display provides a dynamic report of Actions, filterable by Action, Name and Category (of policy component), and User, at: Monitoring > Audit Viewer. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 41 For Add Actions, a single popup displays, containing the new data. Figure 18: Audit Row Details (Old Data tab) For Modify Actions, a popup with three tabs displays, comparing the old data and the new. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 42 Figure 19: Audit Row Details (Old Data tab) Figure 20: Audit Row Details (New Data tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 43: Event Viewer
Event Viewer Table 12: Event Viewer Container Description Select Server Select the server for which to display accounting data. Filter Select the filter by which to constrain the display of accounting data. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 44: Data Filters
Policy Manager. It is available at: Monitoring> Data Filters. Figure 24: Data Filters Policy Manager comes pre-configured with the following data filters: All Requests - Shows all requests (without any rows filtered) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 45: Add A Filter
Successful Requests - All authentication requests that were successful. TACACS Requests - All TACACS requests Unhealthy Requests - All requests that were not deemed healthy per policy. WebAuth Requests - All Web Authentication requests (requests originated from the Dell Guest Portal). Table 13: Data Filters...
Page 46 NOTE: We recommend that users who choose this method contact Support. Support can assist you with entering the correct information in this template. The Rules tab displays only when Select Attributes is selected on the Filter tab. Figure 26: Add Filter (Rules tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 47 Web Authentication requests. Example: Auth Method, Auth Source, Enforcement Profiles Name Name of the attributes corresponding to the selected namespace (Type) Operator A subset of string data type operators (EQUALS, NOT_EQUALS, LESS_THAN, LESS_THAN_OR_EQUALS, GREATER_THAN, GREATER_THAN_OR_EQUALS, CONTAINS, NOT_CONTAINS, EXISTS, NOT_EXISTS) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 48 Container Description Value The value of the attribute Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 49: Policy Manager Policy Model
The following image illustrates and describe the basic Policy Manager flow of control and its underlying architecture. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 50 Policy Manager does not make this tab available. Zero or more An Authentication Source is the identity repository against which Policy Authentication per service Manager verifies identity. It supports these Authentication Source types: Source Microsoft Active Directory Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 51 One or more Enforcement Policy Profiles contain attributes that define a client’s scope of Enforcement per service access for the session. Policy Manager returns these Enforcement Profile Profile attributes to the switch. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 52: Viewing Existing Services
In the Services page, click a service’s check box, then click the Export a Service link and provide the output filepath. Later, you can import this service by clicking Import a Service and providing the filepath. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 53: Links To Use Cases And Configuration Instructions
Guest Users. " MAC Authentication Use Case " on page 79 uses a Static Host List for authentication of the MAC address sent by the switch as the device’s username. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 54: Policy Simulation
Posture Policies " on page uses an internal posture policy that evaluates the health of the originating client, based on attributes submitted with the request by the Dell Web Portal, and returns a corresponding posture token. "802.1x Wireless Use Case" on page 67 "Adding and Modifying...
Page 55 Make a copy the selected policy simulation. The copied simulation is renamed with a prefix of Copy_Of_. Export Opens the Export popup. Delete Click to delete a selected (check box on left) Policy Simulation. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 56: Add Simulation Test
Returns (Results tab): Role(s) - including authorization source attributes fetched as roles. Type Input (Simulation tab): Select Service (Posture policies are implicitly selected by their association with the service). Posture Validation. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 57 NOTE: Authentication Source and User Name inputs are used to derive dynamic values in the enforcement profile that are fetched from authorization source. These inputs are optional. NOTE: Dynamic Roles are attributes (that are enabled as a role) fetched from the authorization Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 58 In the Attributes tab, enter the attributes of the policy component to be tested. The namespaces loaded in the Type column depend on the type of simulation (See above). NOTE: The Attributes tab will not display if you select the Audit Policy component in the Simulation tab. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 59: Import And Exporting Simulations
What is shown in the results tab again depends on the type of simulation. Figure 34: Add Simulation (Results Tab) Import and Exporting Simulations Import Simulations Navigate to Configuration > Policy Simulation and select the Import Simulations link. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 60: Export Simulations
To export just one simulation, select it (using the check box at the left) and click Export. Your browser will display its normal Save As dialog, in which to enter the name of the XML file to contain the export. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 61: Clearpass Policy Manager Profile
Timestamp when the device was first discovered Timestamp when the device was last seen Collectors Collectors are network elements that provide data to profile endpoints. The following collectors send endpoint attributes to Profile. DHCP ClearPass Onboard Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 62: Dhcp
Apart from fingerprints, DHCP also provides hostname and IP address. Sending DHCP Traffic to CPPM Perform the following steps to configure your Dell W-Series Controller and Cisco Switch to send DHCP Traffic to CPPM. interface <vlan_name>...
Page 63: Configuration
IP addresses. ActiveSync Plugin ActiveSync plugin is software provided by Dell to be installed on Microsoft Exchange servers. When a device communicates with exchange server using active sync protocol, it provides attributes like device-type and user-agent. These attributes are collected by the plugin software and is send to CPPM profiler. Profiler uses dictionaries to derive profiles from these attributes.
Page 64 Administration > Server Configuration > Manage Policy Manager Zones) depending on the geographical area served by that node, and enable Profile on at least one node per zone. Figure 37: Configuration > Profile Settings Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 65 (category, family, and name). Figure 38: Services > Edit > Profiler tab settings Fingerprint Dictionaries CPPM uses a set of dictionaries and built-in rules to perform device fingerprinting. The following dictionaries are Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 66 Live Monitoring > Endpoint Profiler page detailed device distribution information along with a list of endpoints. From this page, you can also search for endpoint profiles based on category, family, name, etc. Refer to Endpoint Profiler for more information. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 67: Wireless Use Case
Wireless Access Device. The following image illustrates the flow of control for this Service. Figure 39: Flow of Control, Basic 802.1X Configuration Use Case Configuring the Service Follow the steps below to configure this basic 802.1X service: 1. Create the Service Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 68 NOTE: Policy Manager fetches attributes used for role mapping from the Authorization Sources (that are associated with the authentication source). In this example, the authentication and authorization source are one and the same. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 69 Configure Service level authorization source. In this use case there is nothing to configure. Click the Next button. Upon completion, click Next (to Role Mapping). 4. Apply a Role Mapping Policy Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 70 Upon completion of each rule, click the Save button ( in the Rules Editor) > When you are finished working in the Mapping Rules tab, click the Save button (in the Mapping Rules tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 71 Primary/ Backup Server (tabs): Enter connection information for the RADIUS posture server. Next (button): from Primary Server to Backup Server. To complete your work in these tabs, click the Save button. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 72 For instructions about how to build such an Enforcement Policy, refer to "Configuring Enforcement Policies " on page 229. 7. Save the Service. Click Save. The Service now appears at the bottom of the Services list. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 73: Web Based Authentication Use Case
Flow-of-Control of Web-Based Authentication for Guests Configuring the Service Perform the following steps to configure Policy Manager for WebAuth-based Guest access. 1. Prepare the switch to pre-process WebAuth requests for the Policy Manager Dell WebAuth service. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 74 Refer to your Network Access Device documentation to configure the switch such that it redirects HTTP requests to the Dell Guest Portal , which captures username and password and optionally launches an agent that returns posture data. 2. Create a WebAuth-based Service.
Page 75 When finished working in the Policy tab, click Next to open the Posture Plugins tab Select a Validator: Posture Plugins (tab) > Enable Windows Health System Validator > Configure (button) > Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 76 Internal Policies (selector): IPP_ UNIVERSAL_XP, then click the Add button The following fields deserve special mention: Default Posture Token. Value of the posture token to use if health status is not available. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 77 Remediation URL. URL of remediation server. 5. Create an Enforcement Policy. Because this Use Case assumes the Guest role, and the Dell Web Portal agent has returned a posture token, it does not require configuration of Role Mapping or Posture Evaluation.
Page 78 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 79: Mac Authentication Use Case
Authentication request. A subsequent MAC Authentication request (forcefully triggered after the audit, or triggered after a short session timeout) uses the cached results from the audit to determine posture and role(s) for the device Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 80: Configuring The Service
Follow these steps to configure Policy Manager for MAC-based Network Device access. 1. Create a MAC Authentication Service. Table 32: MAC Authentication Service Navigation and Settings Navigation Settings Create a new Service: Services > Add Service (link) > Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 81 An audit server determines health by performing a detailed system and health vulnerability analysis (NESSUS). You can also configure the audit server (NMAP or NESSUS) with post-audit rules that enable Policy Manager to determine client identity. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 82 Role), in this use case Policy Manager applies post-audit rules against attributes captured by the Audit Server to infer Role(s). 5. Save the Service. Click Save. The Service now appears at the bottom of the Services list. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 83: Tacacs+ Use Case
Policy Manager Service. Figure 42: Administrator connections to Network Access Devices via TACACS+ Configuring the Service Perform the following steps to configure Policy Manager for TACACS+-based access: 1. Create a TACACS+ Service. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 84 Enforcement Policy Navigation and Settings Navigation Setting Select the Enforcement Policy: Enforcement (tab) > Enforcement Policy (selector): Device Command Authorization Policy When you are finished with your work in this tab, click Save. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 85 4. Save the Service. Click Save. The Service now appears at the bottom of the Services list. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 86 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 87: Single Port Use Case
The following figure illustrates both the overall flow of control for this hybrid service, in which complementary switch and Policy Manager configurations allow all three types of connections on a single port: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 88 Figure 43: Flow of the Multiple Protocol Per Port Case Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 89: Services
Service from using Service creation Wizard. Top-Down Approach - Start with the Service creation wizard, and create the associated policy components as and when you need them, all in the same flow. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 90: Start Here Page
After you select a service type, the associated service wizard is displayed with a clickable diagram that shows on top of the wizard. The following image displays the flow with all available configuration options for 802.1X Wireless: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 91 Figure 45: Service Wizard with Clickable Flow The rest of the service configuration flow is as described in Policy Manager Service Types. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 92: Policy Manager Service Types
Service-specific policy components (called out with legend below) Template for wireless hosts connecting through a Dell W-Series 802.11 wireless access device or controller, with authentication via IEEE 802.1X. Service rules are customized for a typical Dell W-Series Mobility Controller deployment.
Page 93 IP address through DHCP. Once the audit results are available,there should be a way for Policy Manager to re-apply policies on the network device. This can be accomplished in one of the following ways: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 94 "Configuring a Role Mapping Policy " on page 154. By default, this type of service does not have Posture checking enabled. To enable posture checking for this service select the Posture Compliance check box on the Service tab. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 95 Optionally configure Profiler settings. Select one or more Endpoint Classification items from the drop down list, then select the RADIUS CoA action. You can also create a new action by selecting the Add new RADIUS CoA Action link. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 96 You can also specify the role mapping policy, based on categorization of the MAC addresses in the authorization sources. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 97 Web-based authentication service for guests or agentless hosts, via the Dell built-in Portal. The user is redirected to the Dell captive portal by the network device, or by a DNS server that is set up to redirect traffic on a subnet to a specific URL. The web page collects username and...
Page 98 This type of service is the same as regular 802.1X Wired Service, except that posture and audit policies are not configurable when you use this template. 802.1X Wired - Identity Only Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 99 Failover mode, requests can be dispatched to the first proxy target in the ordered list of targets, and then subsequently to the other proxy targets, sequentially, if the prior requests failed. When you Enable proxy for accounting requests accounting requests are also sent to the proxy targets. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 100 For more information on TACACS+ enforcement profiles, see "TACACS+ Enforcement Profiles " on page 224 for more information. This type of service provides authentication and authorization to users of Dell applications: GuestConnect and Insight. Application Enforcement Profiles can be sent to these or other generic applications for authorizing the users.
Page 101: Services
You can use these service types as configured, or you can edit their settings. Figure 46: Service Listing Page The Services page includes the following fields. Table 40: Services page Label Description Add a service Service Import Import previously exported services Services Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 102: Adding Services
Add Service option. Click on Add Service in the upper-right corner to add a new service. Figure 47: Add Service Page The Add Service tab includes the following fields. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 103 If this is enabled, then enter the Remediation URL. Finally, specify the Posture Server from the drop down menu or add a new server by clicking the Add new Posture Server link. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 104: Modifying Services
Modifying Services Navigate to the Configuration > Services page to view available services. You can use these service types as configured, or you can edit their settings. Figure 48: Service Listing Page Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 105 The rules editor appears throughout the Policy Manager interface. It exposes different namespace dictionaries depending on Service type. When working with service rules, you can select from the following namespace dictionaries: Application: The type of application for this service. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 106: Reordering Services
1. To reorder services, navigate to the Configuration > Services page. The following page displays. Figure 50: Service Reorder Button 2. Click the Reorder button located on the lower-right portion of the page to open the Reordering Services form. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 107 Table 44: Reordering Services Label Description Move Up/Move Down Select a service from the list and move it up or down Save Save the reorder operation Cancel Cancel the reorder operation Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 108 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 109: Authentication And Authorization
It also, optionally, can retrieve attributes from authorization sources configured for the Service. The flow of control for authentication takes these components in sequence: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 110: Configuring Authentication Components
For a new Service, the Policy Manager wizard automatically opens the Authentication tab for configuration. Outside of the context of a particular Service, you can open an authentication method or source by itself: Configuration > Authentication > Methods or Configuration > Authentication > Sources. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 111: Adding And Modifying Authentication Methods
(and to remove prefixes and suffixes) before authenticating it to the which usernames are authentication source. present Adding and Modifying Authentication Methods Policy Manager supports specific EAP and non-EAP, tunneled and non-tunneled, methods. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 112 Authentication > Methods, then click on its name in the Authentication Methods listing). When you click Add New Authentication Method from any of these locations, Policy Manager displays the Add Authentication Method popup. Figure 54: Add Authentication Method (popup) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 113: Pap
The PAP method contains one tab. General Tab The General tab labels the method and defines session details. Figure 55: PAP General Tab Table 47: PAP General Tab Parameter Description Name/Description Freeform label and description. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 114: Mschap
Name/Description Freeform label and description. Type In this context, always MSCHAP. EAP-MSCHAP v2 The EAP-MSCHAPv2 method contains one tab. General Tab The General tab labels the method and defines session details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 115: Eap-Gtc
Description Name/Description Freeform label and description. Type In this context, always EAP-MSCHAPv2. EAP-GTC The EAP-GTC method contains one tab. General Tab The General tab labels the method and defines session details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 116: Eap-Tls
Freeform label and description. Type In this context, always EAP-GTC. Challenge Specify an optional password. EAP-TLS The EAP-TLS method contains one tab. General Tab The General tab labels the method and defines session details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 117 LDAP-compliant directory) and presented certificates, choose Compare Binary. Verify Certificate Select Optional or Required if the certificate should be verified by the Online Certificate Status using OCSP Protocol (OCSP). Select None to not verify the certificate. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 118: Eap-Ttls
Caches EAP-TTLS sessions on Policy Manager for reuse if the user/client reconnects to Policy Resumption Manager within the session timeout interval. Session Timeout How long (in hours) to retain cached EAP-TTLS sessions. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 119: Eap-Peap
To set an inner method as the default (the method tried first), select it and click Default. EAP-PEAP The EAP-PEAP method contains two tabs: General Tab The General tab labels the method and defines session details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 120 Enable EAPoUDP support. When EAPoUDP support is enabled Policy Manager does not expect Support user authentication to happen within the protected tunnel. Microsoft NAP Enable while Policy Manager establishes the protected PEAP tunnel with a Microsoft NAP- Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 121: Eap-Fast
To set an inner method as the default (the method tried first), select it and click Default. EAP-FAST The EAP-FAST method contains four tabs: General Tab The General tab labels the method and defines session details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 122 Choose Using Client Certificate to use a certificate. Certificate Type of certificate comparison (identity matching) upon presenting Policy Manager with a Comparison client certificate: To skip the certificate comparison, choose Do not compare. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 123 To remove an inner method from the displayed list, select the method and click Remove. To set an inner method as the default (the method tried first), select it and click Default. PACs Tab The PACs tab enables/disables PAC types: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 124 This is typically a short-lived PAC (specified in hours, rather than months and years). PAC Provisioning Tab The PAC Provisioning tab controls anonymous and authenticated modes: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 125 Manager certificate. Policy Manager performs anonymous provisioning. Accept end- Once the authenticated provisioning mode is host after complete and the end-host is provisioned with a authenticated PAC, Policy Manager rejects end-host provisioning Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 126: Mac-Auth
In this context, always MAC-AUTH. Allow Unknown Enables further policy processing of MAC authentication requests of unknown clients. End-Hosts If this is not enabled, Policy Manager automatically rejects a request whose MAC address is Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 127: Chap And Eap-Md5
SecurID) fetch role mapping attributes from any other configured When using a token server Authorization Source. as an authentication source, use the administrative interface to optionally configure a separate authorization server. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 128 Add Service wizard), or modify an existing authentication source directly (Configuration > Authentication > Sources, then click on its name in the listing page). Figure 69: Authentication Sources Listing Page Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 129: Generic Ldap Or Active Directory
Copy: Creates a copy of this authentication/authorization source. The Generic LDAP and Active Directory authentication sources contain three tabs: General Tab The General tab labels the authentication source and defines session details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 130 Cache Timeout Policy Manager caches attributes fetched for an authenticating entity. This parameter controls the number of seconds for which the attributes are cached. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 131 NOTE: For Active Directory, the bind DN can also be in the administrator@domain format (e.g., administrator@acme.com). Password for the administrator DN entered in the Bind DN field. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 132 (Available only for retrieved. This is not available for Active Directory. Generic LDAP directory) User Certificate Enter the name of the attribute in the user record from which user certificate can be retrieved. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 133 Enforcement Policy. This bypasses the step of having to assign a role in Policy Manager through a Role Mapping Policy. Add More Filters Brings up the filter creation popup. This is described in the next image. The following table describes the available directories. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 134 DN of the user record (UserDN, which is populated after the Authentication filter query is executed. The attribute fetched with this filter query is cn, which is the name of the group (this is aliased to a more readable name: groupName) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 135 AD/LDAP Configure Filter, Filter Tab The Filter tab provides an LDAP browser interface to define the filter search query. Through this interface you can define the attributes used in the filter query. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 136 To aid in populating the value with dynamic session attribute values, a drop down with the commonly used namespace and attribute names is presented (See image below). Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 137 The Attributes tab defines the attributes to be fetched from Active Directory or LDAP directory. Each attribute can also be “Enabled as Role,” which means the value fetched for this attribute can be used directly in Enforcement Policies (See "Configuring Enforcement Policies " on page 229.) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 138 The Configuration tab shows the filter and attributes configured in the Filter and Attributes tabs, respectively. From this tab, you can also manually edit the filter query and attributes to be fetched. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 139 Data type specified here. If, for example, you modify the Active Directory department to be an Integer rather than a String, then the list of Operator values will populate with values that are specific to Integers. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 140: Kerberos
Add to add it to the list of authorization sources. Click Remove to remove it from the list. NOTE: As described in “Services,” additional authorization sources can be specified at the Service level. Policy Manager fetches role mapping attributes regardless of which Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 141: Generic Sql Db
The Summary tab provides a summary of the configuration. For a configured Generic SQL DB authentication source, buttons on the main page enable you to: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 142 Service level. Policy Manager fetches role mapping attributes regardless of which authentication source the user or device was authenticated against. Backup Servers To add a backup server, click Add Backup. When the Backup 1 tab appears, you can specify Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 143 Select the ODBC driver (Postgres or MSSQL in this release) to connect to database. Attributes Tab The Attributes tab defines the SQL DB query filters and the attributes to be fetched by using those filters. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 144 Table 71: Generic SQL DB Configure Filter Popup Parameter Description Filter Name Name of the filter Filter Query A SQL query to fetch the attributes from the user or device record in DB Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 145: Token Server
Token Server General Tab Parameter Description Name/Description Freeform label and description. Type In this context, Token Server Use for This check box instructs Policy Manager to fetch role mapping attributes (or authorization Authorization Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 146 Host name or IP address of the token server, and the UDP port at which the token server listens for Name/Port RADIUS connections. The default port is 1812. Secret RADIUS shared secret to connect to the token server. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 147: Static Host List
The Summary tab provides a summary of the configuration. General Tab The General Tab labels the authentication source. Figure 89: Static Host List (General Tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 148: Http
The Summary tab provides a summary of the configuration. General Tab The General tab labels the authentication source and defines session details, authorization sources, and backup server details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 149 Move Down to change the server priority of the backup servers. This is the order in which Policy Manager attempts to connect to the backup servers. Primary Tab The Primary tab defines the settings for the primary server. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 150 Alias Name: For each attribute name selected for the filter, you can specify an alias name. Enabled As: Indicates whether an attribute has been enabled as a role. Add More Filters Brings up the filter creation popup. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 151 Enabled As: Specify whether value is to be used directly as a role or attribute in an Enforcement Policy. This bypasses the step of having to assign a role in Policy Manager through a Role Mapping Policy. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 152 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 153: Identity: Users, Endpoints, Roles And Role Mapping
"Adding and Modifying Guest Users " on page 161). Associated directly with a static host list , again through role mapping ("Adding and Modifying Static Host Lists " on page 166). Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 154: Configuring A Role Mapping Policy
You can also configure other roles. Refer to "Adding and Modifying Roles " on page 158. Configuring a Role Mapping Policy After authenticating a request, an Policy Manager Service invokes its Role Mapping Policy, resulting in assignment of Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 155: Adding And Modifying Role Mapping Policies
The Policy tab labels the method and defines the Default Role (the role to which Policy Manager defaults if the mapping policy does not produce a match for a given request). Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 156: Mapping Rules Tab
Edit Rule button or Remove Rule button. Figure 98: Role Mapping (Mapping Rules Tab) When you select Add Rule or Edit Rule, Policy Manager displays the Rules Editor popup. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 157 Operators have their obvious meaning; for stated definitions of operator meaning, refer to "Operators" on page 348. Value of Depending on attribute data type, this may be a free-form (one or many line) edit box, a drop-down list, attribute or a time/date widget. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 158: Adding And Modifying Roles
Role Mapping Policy of any Service. When you click Add Roles from any of these locations, Policy Manager displays the Add New Role popup. Figure 101: Add New Role Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 159: Local Users, Guest Users, Onboard Devices, Endpoints, And Static Host List Configuration
Policy Manager lists all local users in the Local Users page (Configuration > Identity > Local Users): Figure 102: Fig: Local Users Listing To add a local user, click Add User to display the Add Local User popup. Figure 103: Add Local User Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 160: Additional Available Tasks
To export a local user, in the Local Users listing page, select it (via the check box) and click Export. To export ALL local users, in the Local Users listing page, click Export Users. To import local users, in the Local Users listing page, click Import Users. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 161: Adding And Modifying Guest Users
Where this account was created: From Policy Manager or the GuestConnect guest provisioning Application product. In the Guest Users listing: To add a guest user or device, click Add User. This opens the Add New Guest User popup. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 162 Add a guest user or a guest device User ID/ Name /Password/ Freeform labels and password. Verify Password (Guest User Click Auto Generate to auto-generate a password for the guest user. only) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 163: Onboard Devices
The Configuration > Identity > Onboard Devices page lists all devices that have authenticated. The information within this page includes the device name, owner, status, whether the device is expired, and the expiry time. Figure 107: Onboard Devices Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 164: Adding And Modifying Endpoints
To view the authentication details of an endpoint, select an endpoint by clicking on its check box, and then click the Authentication Records button. This opens the Endpoint Authentication Details popup. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 165 NOTE: All attributes entered for an endpoint are available in the role mapping rules editor under the Endpoint namespace. To edit an endpoint, in the Endpoints listing page, click on the name to display the Edit Endpoint popup. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 166: Adding And Modifying Static Host Lists
NOTE: Only static host lists of type MAC address are available as authentication sources. A static host list often functions, in the context of the Service, as a white list or a black list. Therefore, they are configured independently at the global level. Figure 113: Static Host Lists (Listing Page) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 167: Additional Available Tasks
To export ALL Static Host Lists, in the Static Host Lists listing page, click the Export Static Host Lists link. To import Static Host Lists, in the Static Host Lists listing page, click the Import Static Host Lists link Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 168 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 169: Posture
Policy Manager supports two types of Audit Servers: NMAP audit server, primarily to derive roles from post-audit rules; NESSUS audit server, primarily used for vulnerability scans (and, optionally, post-audit rules). Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 170 Transient. Client evaluation is in progress; typically associated with auditing a client. The network access granted is interim. Quarantine. Client is out of compliance; restrict network access, so the client only has access to the remediation servers. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 171: Configuring Posture
To edit the selected posture policy, click Modify and refer to Modifying Posture Policies " on page 172. Default Posture Token The default posture token is UNKNOWN (100) Remediation End-Hosts Select this check box to enable auto-remediation action on non-compliant Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 172: Adding And Modifying Posture Policies
Checks for peer-to-peer applications or networks, patch management applications, hotfixes, USB devices, virtual machines, and network devices. Windows System Health Validator. Configurable checking for required operating system versions and service packs. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 173: Configuring Posture Policy Plugins
OnGuard Agent - Use this to configure posture policies for guest or web portal based use cases (via a dissolvable Java-applet based agent), or for use cases where ClearPass (persistent) OnGuard Agent is installed on the endpoint. Currently, the following OSes are Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 174 Add Posture Policy (Posture Plugins Tab) - Windows NAP Agent Figure 119: Add Posture Policy (Posture Plugins Tab) - Linux NAP Agent Figure 120: Add Posture Policy (Posture Plugins Tab) - Windows OnGuard Agent Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 175 Quarantine. Client is out of compliance; restrict network access, so the client only has access to the remediation servers. Infected. Client is infected and is a threat to other systems in the network; network access should be denied or severely restricted. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 176: Clearpass Windows Universal System Health Validator - Nap Agent
The ClearPass Windows Universal System Health Validator page popup appears in response to actions in the Posture Plugins tab of the Posture configuration. Figure 124: ClearPass Windows Universal System Health Validator - NAP Agent Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 177 Services to stop panels (using their associated widgets). This list is different for the different OS types. Click the >> or << to add or remove, respectively, the services from the Service to run or Services to stop boxes. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 178 Click Add to specify a process to be added, either to the Processes to be present or Processes to be absent lists. present/absent Click Add for Process to be present to display the Process page detail. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 179 Enter a user friendly name for the process. This is displayed in end-user facing messages. Display name When you save your Process details, the key information appears in the Processes to be present page list. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 180 One or more of the matching processes are then terminated. Enter the Enter a user friendly name for the process. This is displayed in end-user facing messages. Display name Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 181 Click Add to specify a registry key to be added, either to the Registry keys to be present or Registry keys to be absent lists. present/absent Click Add for either condition to display the Registry page detail. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 182 Antivirus application. Click An Antivirus Application is On to configure the Antivirus application information. Figure 133: Antivirus Page (Overview - Before) When enabled, the Antivirus detail page appears. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 183 Check the User Notification check box to enable user notification of policy User Notification violation of anti-virus status. Display Update Check the Display Update URL check box to show the origination URL of the update. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 184 AntiSpyware application information. Figure 137: AntiSpyware Page (Overview Before) When enabled, the AntiSpyware detail page appears. Figure 138: AntiSpyware Page (Detail 1) Click Add to specify product, and version check information. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 185 Firewall Page (Overview Before) In the Firewall page, click A Firewall Application is On to configure the Firewall application information. Figure 142: Firewall Page (Detail 1) When enabled, the Firewall detail page appears. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 186 The Peer To Peer page provides a set of widgets for specifying specific peer to peer applications or networks to be explicitly stopped. When you select a peer to peer network, all applications that make use of that network are stopped. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 187 On to configure the patch management application information. Figure 146: Patch Management Page (Overview - Before) When enabled, the Patch Management detail page appears. Figure 147: Patch Management Page (Detail 1) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 188 UI. Select the Patch Mgmt product - Select a vendor from the list Product version is at least - Enter version number Status check type - No check, Enabled, Disabled Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 189 Click the >> or << to add or remove, respectively, the hotfixes from the Hotfixes to run boxes. USB Devices The USB Devices page provides configuration to control USB mass storage devices attached to an endpoint. Figure 151: USB Devices Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 190 Pause all Virtual Machines running on Host - Pause the VM clients that are running on Host. Network Connections The Network Connections page provides configuration to control network connections based on connection type. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 191 Click the >> or << to add or remove Others, Wired, and Wireless connection types. Remediation Action for USB Mass No Action - Take no action; do not eject or disable the attached Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 192: Clearpass Windows Universal System Health Validator - Onguard Agent
ClearPass Linux Universal System Health Validator - NAP Agent The ClearPass Linux Universal System Health Validator page popup appears in response to actions in the Posture Plugins tab of the Posture configuration. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 193 Firewall Check and Antivirus Check. Enable the check box in either page display its respective configuration view: NOTE: The configurations done in the General Configuration section apply to all operating systems whose checks have been turned Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 194 Select Antivirus Check, then click Add in the view that appears to specify Antivirus details. Figure 158: Antivirus Check view When you save your Antivirus configuration, it appears in the Antivirus page list. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 195: Clearpass Linux Universal System Health Validator - Onguard Agent
ClearPass Mac OS X Universal System Health Validator - OnGuard Agent The ClearPass Mac OS X Universal System Health Validator page popup appears in response to actions in the Posture Plugins tab of the Posture configuration. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 196 Figure 161: Antivirus Page (Overview - Before) When enabled, the Antivirus detail page appears. Figure 162: Antivirus Page (Detail 1) Click Add to specify product and version check information. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 197: Windows Security Health Validator - Nap Agent
This validator checks for the presence of specific types of security applications. An administrator can use the check boxes to restrict access based on the absence of the selected security application types. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 198: Windows Security Health Validator - Onguard Agent
This validator checks for the presence of specific types of security applications. An administrator can use the check boxes to restrict access based on the absence of the selected security application types. Figure 165: Windows Security Health Validator Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 199: Windows System Health Validator - Nap Agent
Windows System Health Validator - OnGuard Agent (Overview) Adding and Modifying Posture Servers Policy Manager can forward all or part of the posture data received from the client to Posture Servers. The Posture Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 200: Microsoft Nps
Server Type Always Microsoft NPS. Default Posture Posture token assigned if the server is unreachable or if there is a posture check failure. Select Token a status from the drop-down list. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 201 Manager will attempt to connect to the backup server after this timeout. For the backup server to be invoked on primary server failover, check the Enable to use backup when primary does not respond check box. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 202 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 203: Audit Servers
Architecture and Flow Audit servers are configured at a global level. Only one audit server may be associated with a Service. The flow-of- control of the audit process occurs as follows: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 204: Configuring Audit Servers
Policy Manager supports these servers externally. This section contains the following topics: "Built-In Audit Servers" on page 205 "Custom Audit Servers" on page 207 "Nessus Scan Profiles" on page 211 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 205: Built-In Audit Servers
DHCP Server documentation for configuring such static bindings. Note that Policy Manager does not issue IP address; it just examines the DHCP traffic in order to derive the IP address of the end-host. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 206: Modifying Built-In Audit Servers
Nessus plugins. You can download others from http://www.tenablesecurity.com, in the form all-2.0.tar.gz. To upload them to the built-in Policy Manager Audit Server, navigate to Administration > Server Manager > Server Configuration, select Upload Nessus Plugins, and then select the downloaded file. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 207: Custom Audit Servers
NESSUS Audit Server Policy Manager uses the NESSUS Audit Server interface primarily to perform vulnerability scanning. It returns a Healthy/Quarantine result. The Audit tab identifies the server and defines configuration details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 208 Posture status if evaluation does not return a condition/action match. Select a status from Status the drop-down list. The Primary Server and Backup Server tabs specify connection information for the NESSUS audit server. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 209: Nmap Audit Server
Policy Manager uses the NMAP Audit Server interface exclusively for network port scans. The health evaluation always returns Healthy. The port scan gathers attributes that allow determination of Role(s) through post-audit rules. The Audit tab labels the Server and defines configuration details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 210 Posture status during audit. Select a status from the drop-down list. Status Default Posture Posture status if evaluation does not return a condition/action match. Select a status from Status the drop-down list. The NMAP Options tab specifies scan configuration. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 211: Nessus Scan Profiles
A scan profile contains a set of scripts (plugins) that perform specific audit functions. To Add/Edit Scan Profiles, select Add/Edit Scan Profile (link) from the Primary Server tab of the Nessus Audit Server configuration. The Nessus Scan Profile Configuration page displays. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 212 Select one or more plugins by enabling their corresponding check boxes (at left). Policy Manager will remember selections as you select other plugins from other plugin families. When finished, click the Selected Plugins tab. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 213 Figure 180: Nessus Scan Profile Configuration (Profile Tab) The Selected Plugins tab displays all selected plugins, plus any dependencies. To display a synopsis of any listed plugin, click on its row. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 214 This tells Policy Manager the vulnerability level that is considered to be assigned QUARANTINE status. Figure 182: Nessus Scan Profile Configuration (Selected Plugins Tab) Figure 183: Nessus Scan Profile Configuration (Selected Plugins Tab) - Vulnerability Level Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 215: Post-Audit Rules
Primary/Backup Servers tabs and select it from the Scan Profile drop-down list. Post-Audit Rules The Rules tab specifies rules for post-audit evaluation of the request to assign a role. Figure 185: All Audit Server Configurations (Rules Tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 216 Network-Apps, Open-Ports, and OS-Info.. Refer to "Namespaces" on page 341. Actions The Actions list includes the names of the roles configured in Policy Manager. Save To commit a Condition/Action pairing, click Save. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 217: Enforcement
If a device group is not associated with the enforcement profile, attributes in that profile are sent regardless of where the request originated. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 218: Configuring Enforcement Profiles
Enforcement Profile for a new enforcement policy (as part of the flow of the Add Enforcement Policy wizard), or modify an existing Enforcement Profile directly (Configuration > Enforcement > Profiles, then click on its name in the Enforcement Profile listing). Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 219 [HP - Terminate Session] - Terminate a session on an HP device. [Dell - Terminate Session] - Terminate a session on a Dell Wireless Controller. There are four built-in TACACS+ profiles that are mapped to the different administrator roles available in Policy Manager.
Page 220 Policy Manager comes pre-packaged with several enforcement profile templates: VLAN Enforcement - All RADIUS attributes for VLAN enforcement are pre-filled in this template. Dell RADIUS Enforcement - RADIUS tempate that can be filled with attributes from the Dell RADIUS dictionaries loaded into Policy Manager.
Page 221: Radius Enforcement Profiles
The “Target Device” attribute specifies the device on which the “Command” attribute is executed. Agent Enforcement - Enforcement profile that encapsulates attributes sent to Dell OnGuard agent. Attributes can be specified to bounce the client or to send a custom message to the client.
Page 222 A - VLAN Enforcement; B - Filter ID Based Enforcement; C - Cisco Downloadable ACL Enforcement; D - Cisco We Authentication Enforcement; E - Generic RADIUS Enforcement; F - Figure 190: RADIUS Enforcement Profile (Attributes Tab) Figure 191: RADIUS Enforcement Profile (Attributes Tab) - Generic RADIUS Enforcement Profile Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 223: Radius Coa Enforcement Profiles
The RADIUS (standard and vendor-specific) shown here are base on the CoA Template selected from the drop down. Fill in values for all entries marked “Enter value here”. The other pre-filled attributes must not be deleted, since the device requires these to be present. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 224: Snmp Enforcement Profiles
The built-in TACACS+ enforcement profiles can also be used to log into the Policy Manager UI. TACACS+ enforcement profiles use ARAP, Policy Manager:HTTP, PIX Shell, PPP:IP, PPP:IPX, PPP:LCP, Wireless-WCS:HTTP, CiscoWLC:Common and Shell namespaces to define service attributes. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 225 Selected Services. Policy Manager ships configured with attributes for some of the listed services. Selections in the Commands tab configure commands and arguments allowed/disallowed for the selected Service Type. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 226: Application Enforcement Profiles
Application Enforcement Profiles Application Enforcement Profiles contain attribute-value pairs and other permissions related to authorization of users of Dell Applications - GuestConnect and Insight. There are three different types of application enforcement profile templates that can be selected: ClearPass Insight Enforcement - Attributes for users of Insight application.
Page 227: Cli Enforcement Profile
Enter the device on which the CLI commands are executed. Typically, this is the edge device on Device which the user/endpoint connected (%{Connection:NAD-IP-Address}). Command Multiple commands (separated by a new line) that are executed on the target device. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 228: Agent Enforcement Profiles
Agent Enforcement Profiles Agent Enforcement Profiles contain attribute-value pairs related to enforcement actions sent to Dell OnGuard Agent. Figure 197: Agent Enforcement Profile (Attributes Tab) Table 123: Agent Enforcement Profiles (Attributes tab) Container Description Bounce Client If checked, the endpoint is bounced by the OnGuard agent (this feature is only available...
Page 229: Configuring Enforcement Policies
Enforcement Policies, then click on its name in the Enforcement Policies listing page). Figure 199: Enforcement Policies Listing Page When you click Add Enforcement Policy, Policy Manager displays the Add Enforcement Policy wizard page: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 230 Below). NOTE: Web-based Authentication or WebAuth (HTTPS) is the mechanism used by authentications performed via a browser, and authentications performed via Dell OnGuard. Both SNMP and CLI (SSH/Telnet) based Enforcement Profiles can be sent to the network device based on the type of device and the use case.
Page 231 If the rule conditions match, attributes from the selected enforcement profiles are sent to Network Access Device. If a rule matches and there are multiple enforcement profiles, the enforcement profile disambiguation rules apply. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 232 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 233: Network Access Devices
Adding a Device To add a device, click the Add Device link, and then complete the fields in the Add Device popup. The tabs and fields are described in the images that follow. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 234 NOTE: All attributes entered for a device are available in the role mapping rules editor under the Device namespace. Add/Cancel Click Add to commit or Cancel to dismiss the popup. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 235 This option is especially useful when demonstrating static IP-based device profiling because this does not require any trap configuration on the network device. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 236 Allow CLI Access Toggle to enable/disable CLI access. Access Type Select SSH or Telnet. Policy Manager uses this access method to log into the device CLI. Port SSH or Telnet TCP port number. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 237: Additional Available Tasks
(or regular expression-based variation), or devices previously configured in the Policy Manager database. Policy Manager lists all configured device groups in the Device Groups page: Configuration > Network > Device Groups. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 238 Figure 208: Device Groups Page To add a Device Group, click Add Device Group. Complete the fields in the Add New Device Group popup: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 239 Figure 209: Add New Device Group Popup Table 131: Add New Device Group popup Container Description Name/ Description/ Specify identity of the device. Format Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 240: Additional Available Tasks
Proxy targets are configured at a global level. They can then used in configuring RADIUS proxy Services. (Refer to "Policy Manager Service Types" on page 92.) Policy Manager lists all configured proxy servers in the Proxy Servers page: Configuration > Network > Proxy Servers. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 241: Add A Proxy Target
Enter the UDP port to send the RADIUS request. Default value for this port is 1812. Port RADIUS Accounting Enter the UDP port to send the RADIUS accounting request. Default value for this port is Port 1813. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 242: Additional Available Tasks
To delete a single Proxy Target from the configuration, select it (via the check box on the left), and then click Delete. Commit the deletion by selecting Yes. Dismiss the popup by selecting No. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 243: Administration
"TACACS+ Services " on page 303 "Fingerprints " on page 304 "Attributes " on page 305 "OnGuard Settings " on page 308 "Guest Portal " on page 310 "Update Portal " on page 312 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 244: Admin Users
Exports all users to an XML file. Export Exports a selected to an XML file. Delete Deletes a selected User. Add User Select the Add User link in the upper right portion of the page. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 245: Import Users
Add/Cancel Add or dismiss changes. Import Users Select the Import Users link in the upper right portion of the page. Figure 214: Import (Admin) Users Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 246: Export Users
To display available Admin Privileges, navigate to the Administration > Users and Privileges > Admin Privileges page. Figure 215: Admin Privileges Import Admin Privileges Select the Import Admin Privileges link on the upper right side of the page. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 247: Export Admin Privileges
"Manage Policy Manager Zones " on page 251 "NetEvents Targets" on page 252 "Make Subscriber " on page 252 "Upload Nessus Plugins " on page 253 "Cluster-Wide Parameters " on page 254 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 248: Set Date/Time
"Network Interfaces Tab" on page 273 Set Date/Time Navigate to Administration > Server Manager > Server Configuration, and click on the Set Date and Time link. This opens by default on the Date &Time tab. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 249 Select a time zone and click Save. Note that this option is only available on the publisher. To set time zone on the subscriber, select the specific server and set time zone from the server-specific page. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 250: Change Cluster Password
Navigate to Administration > Server Manager > Server Configuration, and click on the Change Cluster Password link. Use this function to change the cluster-wide password. NOTE: Changing this password also changes the password for the CLI user - 'appadmin'. Figure 220: Change Cluster Password Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 251: Manage Policy Manager Zones
You can configure Zones in CPPM to match with the geographical areas in your deployment. There can be multiple Zones per cluster, and each Zone has a number of CPPM nodes that share runtime state. Figure 221: Policy Manager Zones Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 252: Netevents Targets
In the Policy Manager cluster environment, the Publisher node acts as master. An Policy Manager cluster can contain only one Publisher node. Administration, configuration, and database write operations may occur only on this master Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 253: Upload Nessus Plugins
Enable this check box only if you do not require a backup to the existing databases before this operation database. Upload Nessus Plugins Navigate to the Administration > Server Manager > Server Configuration page, and click on the Upload Nessus Plugins link. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 254: Cluster-Wide Parameters
Load the plugins, or dismiss. If there are a large number of plugins, the load time can be in the order of minutes. Cluster-Wide Parameters Navigate to the Administration > Server Manager > Server Configuration page, and click on the Cluster-Wide Parameters link. Figure 225: Cluster-Wide Parameters Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 255 This controls how often (in days) endpoints with a status of Known or Disabled are cleaned up from disabled the endpoints table. endpoints cleanup interval Unknown This controls how often (in days) endpoints with a status of Unknown are cleaned up from the endpoints endpoints table. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 256: Collect Logs
These files are saved in Local Shared Folders and can be downloaded to your computer. To collect logs 1. Go to Administration > Server Manager > Server Configuration, 2. Click Collect Logs. The Collect Logs dialog box appears. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 257: Viewing Log Files
You will need an application that can read and unpack a GZip file to view the files in a log file. NOTE: Dell cannot recommend specific software for viewing the contents of files compressed with GZip. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 258: Backup
Navigate to the Administration > Server Manager > Server Configuration page, and click on the Back Up button. Note that this action can also be performed using the " " CLI command backup Figure 227: Backup Popup Figure 228: Post-Backup Popup Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 259: Restore
Restore file location Select either Upload file to server or File is on server. Upload file path Browse to select name of backup file (shown only when Upload file to server radio Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 260: Shutdown/Reboot
Navigate to the Administration > Server Manager > Server Configuration page, and click on a server name in the table. The Server Configuration form opens by default on the System tab. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 261 Data interface IP address. All authentication and authorization requests arrive on the data IP Address interface. Data/External Port: Data interface Subnet Mask Subnet Mask Data/External Port: Default gateway for data interface Default Gateway Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 262: Multiple Active Directory Domains
Leave Domain - Click on this button to disassociate this Policy Manager appliance from an Active Directory domain. NOTE: For most use cases, if you have multiple nodes in the cluster, you must join each node to the same Active Directory domain. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 263 Check this box to use the Administrator user name to join the domain default domain admin user User User ID of the domain administrator account Name Password Password of the domain administrator account Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 264: Services Control Tab
Once a primary LDAP server is down, Policy Manager connects to one of the backup servers. Retry Interval This parameter specifies how long Policy Manager waits before it tries to connect to the Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 265 IP address for the MAC address of the host before proceeding with audit Figure 234: RADIUS Server Service Parameters Table 149: Service Parameters tab - Radius server Service Description Parameter Proxy Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 266 Maximum number of Local DB DB connections opened Authentication Source Connection Count AD/LDAP Maximum number of AD/LDAP connections opened Authentication Source Connection Count SQL DB Maximum number of SQL DB Authentication Source Connection Count Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 267 Whether PACs generated by this server are valid across the cluster or not across cluster Accounting Log Accounting Store the Interim-Update packets in session logs. Interim-Update Packets Figure 235: TACACS+ Service Parameters Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 268 You can use the ClearPass system service parameters for PHP configuration as well as if all your http traffic flows through a proxy server. Policy Manager relies on an http connection to the Dell update portal in order to download the latest version information for posture services.
Page 269 Typically, audit service will request for a MAC to IP mapping as soon the RADIUS request is received, but the client may take some more time receive and IP address through DHCP. This wait period takes into account the latest DHCP IP address that the client got Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 270 SNMP v3 authentication key and privacy key for incoming traps Authentication SNMP v3 Trap Privacy Key Device Info This specifics the time (in minutes) between polling for device information. Poll Interval Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 271 15-min averages, respectively. If any of these loads exceed the associated maximum value, average then system sends traps to the configured trap servers. Threshold 5 Min CPU load average Threshold Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 272: System Monitoring Tab
Username to use for SNMP v3 communication SNMP v3: Username SNMP Configuration: One of NOAUTH_NOPRIV (no authentication or privacy), AUTH_NOPRIV (authenticate, SNMP v3: Security Level but no privacy), AUTH _PRIV (authenticate and keep the communication private) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 273: Network Interfaces Tab
The administrator can create a generic routing encapsulation (GRE) tunnel. This protocol can be used to create a vir- tual point-to-point link over standard IP network or the internet. Navigate to the Network Interfaces tab and click Create Tunnel. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 274: Creating Vlan
Enter a value here to automatically create a route to this address through the tunnel. Create/Cancel Commit or dismiss changes. Creating VLAN Navigate to the Network Interfaces tab and click Create VLAN. Figure 242: Creating VLAN Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 275: Log Configuration
VLAN already defined in your network. Log Configuration The Policy Manager Log Configuration menu at Administration > Server Manager > Log Configuration provides the following interface for configuration: Figure 243: Log Configuration (Services Level tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 276 (listed in decreasing level of verbosity): Level DEBUG INFO WARN ERROR FATAL Restore Click Save to save changes or Restore Defaults to restore default settings. Defaults/Save Figure 244: Log Configuration (System Level tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 277: Local Shared Folders
Automated Backup files - Database backup files backed up automatically on a daily basis (tar.gz format) Select any file in the list to download it to your local machine. The browser download box appears. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 278: Application Licensing
In this release, you can add and activate OnGuard, Guest, and Onboard application licenses. The Summary section shows the number of purchased licenses for Policy Manager, OnGuard,Guest, and Onboard. Figure 246: Licensing Page - License Summary tab Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 279: Adding A License
1. Go to Administration > Server Manager > Licensing. 2. Click the Applications tab. Figure 249: Licensing Page - Applications tab 3. Click Activate in the Activation Status column. 4. Click OK. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 280: Updating A License
"Add SNMP Trap Server " on page 281 "Import SNMP Trap Server " on page 282 "Export all SNMP Trap Servers " on page 282 "Export a Single SNMP Trap Server " on page 283 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 281: Add Snmp Trap Server
Add SNMP Trap Server To add a trap server, navigate to Administration > External Servers > SNMP Trap Receivers and select the Add SNMP Trap Server link. Figure 252: Add SNMP Trap Server Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 282: Import Snmp Trap Server
To export all SNMP trap servers, navigate to Administration > External Servers > SNMP Trap Receivers and select the Export SNMP Trap Server link. This link exports all configured SNMP Trap Receivers. Click Export Trap Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 283: Export A Single Snmp Trap Server
Opens the Import Syslog Target popup. Export Syslog Target Opens the Export Syslog Target popup. Export Opens the Export popup. Delete To delete a Syslog Target, select it (check box at left) and click Delete. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 284: Add Syslog Target
Navigate to Administration > External Servers > Syslog Targets and select Import Syslog Target. Figure 256: Import Syslog Target Table 165: Import from file Container Description Select File Browse to the Syslog Target configuration file to be imported. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 285: Export Syslog Target
The Policy Manager Syslog Targets page at Administration > External Servers > Syslog Targets provides the following interfaces for configuration: "Add Syslog Filter " on page 286 "Import Syslog Filter " on page 288 "Export Syslog Filter " on page 289 "Export " on page 289 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 286: Add Syslog Filter
To delete a Syslog Filter, select it (check box at left) and click Delete. Add Syslog Filter To add a Syslog Filter, navigate to Administration > External Servers > Syslog Filters > Add Syslog Filter. Refer to the following image. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 287 SQL by clicking the link below the text entry field. NOTE: We recommend that users who choose the Custom SQL method contact Support. Support can assist you with entering the correct information in this template. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 288: Import Syslog Filter
From here you can click >> to add the selected column to the Selected Columns list. Click << to remove a column from the Selected Columns list. Import Syslog Filter Navigate to Administration > External Servers > Syslog Filters > Import Syslog Filter. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 289: Export Syslog Filter
XML file to contain the export. Messaging Setup The Policy Manager Messaging Setup menu at Administration > Server Manager > Messaging Setup provides the following interface for configuration: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 290 Use secure SSL connection for communications with the server. Port This is TCP the port number that the SNMP server listens on. Connection timeout Timeout for connection to the server (in seconds). Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 291: Endpoint Context Servers
Domain name of the provider Endpoint Context Servers Policy Manager provides the ability to collect endpoint profile information from MDM vendors and Dell W-series IAPs and RAPs. Navigate to Administration > External Servers > Endpoint Context Servers. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 292: Mdm Servers
Enter the MDM server name. Username/password Enter the Username and Password for the MDM server. The frequency in minutes in which the MDM server is polled. This defaults to 60 minutes. The Update Frequency Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 293: Server Certificate
"Create Self-Signed Certificate " on page 294 "Create Certificate Signing Request " on page 296 "Export Server Certificate " on page 298 "Import Server Certificate " on page 298 Figure 264: Server Certificates Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 294: Create Self-Signed Certificate
Navigate to Administration > Certificates > Server Certificate and click the Create Self-Signed Certificate link. This opens the Create Self-Signed Certificate form. Figure 265: Create Self-Signed Certificate After you click Submit, you will be prompted to install the self-signed certificate Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 295 , URI: uri , IP:ip_ address , dns: dns_name , or rid: id . Name (SAN) This field is optional. Private Key Specify and verify password. Password This field is required. Verify Private Key Password Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 296: Create Certificate Signing Request
Figure 267: Create Certificate Signing Request A generated certificate signing request displays after you click Submit. Copy the certificate and paste it into the Web form as part of the enrollment process. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 297 This field is optional. Private Key Specify and verify password. Password This field is required. Verify Private Key Password Key Length Select length for the generated private key: 512, 1024 , or 2048. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 298: Export Server Certificate
To display the list of trusted Certificate Authorities (CAs), navigate to Administration > Certificates > Certificate Trust List. To add a certificate, click Add Certificate; to delete a certificate, select the check box to the left of the certificate and then click Delete. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 299: Add Certificate
To display available Revocation Lists, navigate to Administration > Certificates > Revocation Lists. To add a revocation list, click Add Revocation List. To delete a revocation list, select the check box to the left of the list and then click Delete. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 300: Add Revocation List
Select Update whenever CRL is updated to update the CRL at intervals specified in the list. Or select Update Periodically update to check periodically and at the specified frequency (in days). Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 301: Radius Dictionaries
Policy Manager. Enable/Disable Enable or disable this dictionary. Enabling a dictionary makes it appear in the Policy Manager rules editors (Service rules, Role mapping rules, etc.). Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 302: Import Radius Dictionary
XML file, and then import the dictionary. To view the contents of the Posture dictionary, sorted by Vendor Name, Vendor ID, Application Name, or Application ID, navigate to: Administration > Dictionaries > Posture. Fig: Posture Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 303: Tacacs+ Services
To add a new TACACS+ service dictionary, click on the Import Dictionary link. To add or modify attributes in an existing service dictionary, select the dictionary, export it, make edits to the XML file, and import it back into Policy Manager. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 304: Fingerprints
Fig: Shell Service Dictionary Attributes Fingerprints The Device Fingerprints table shows a listing of all the device fingerprints recognized by the Profile module. These fingerprints are updated from the Dell Update Portal (See "Update Portal " on page 312 for more information.)
Page 305: Attributes
The Administration > Dictionaries > Attributes page allows you to specify unique sets of criteria for LocalUsers, GuestUsers, Endpoints, and Devices. This information can then be with role-based device policies for enabling appropriate network access. The Attributes page provides the following interfaces for configuration: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 306: Add Attribute
Mandatory Allow Shows whether multiple attributes are allowed for an entity. Multiple Add Attribute To add a new Attribute dictionary, select Add Attribute in the upper right portion of the page. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 307: Import Attributes
NOTE: The imported file is in XML format. To view a sample of this XML format, export a dictionary file and open it in an XML viewer. Figure 284: Import from file Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 308: Export Attributes
Microsoft Windows and MAC OS X operating systems and placed at a fixed URL on the Policy Manager appliance. This URL can then be published to the user community. The agent deployment packages can also be downloaded to another location. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 309 TLS echange with Policy Manager. Agent action when This setting determines what the agent does when an update is available. Options are an update is Ignore, Download Installer, Notify User. available Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 310: Guest Portal
(Authentication:Full-Username attribute) to write different service rules for different portals. SharedSecret : Secret shared with a Wireless Controller (for example, Xirrus Wireless Controller) when Policy Manager is configured as an external captive portal on the network device. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 311 Use default template to edit the different fields as described above. To import a custom HTML file to be used as the guest portal, select Upload custom template. Note that the Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 312: Update Portal
Use the Software Updates page to register for and to receive live updates for: Posture updates, including Antivirus, Antispyware, and Windows Updates Profile data updates, including Fingerprint Software upgrades for the ClearPass family of products Patch binaries, including Onboard, Guest Plugins and Skins Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 313 NOTE: This button is enabled only on publisher node. Firmware & Patch Updates Import If the server is not able to reach the webservice server, click Import Updates to import the latest Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 314: Install Update Dialog Box
Install button is clicked. If the popup is closed, it can be brought up again by clicking the ‘Install in progress…’ link while and installation is in progress or by clicking the ‘Installed’, ‘Install Error’, ‘Needs Restart’ links after the installation is completed. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 315: Updating The Policy Manager Software
Subscriber node. A Policy Manager cluster can contain only one Publisher node. Cluster commands can be used to change the state of the node, hence the Publisher can be made a Subscriber. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 316: Upgrade The Image On A Single Policy Manager Appliance
Fix the problem by adding the subscriber back into the cluster from the CLI. All node configuration, including certificates, log configuration and server parameters are restored (as long as the node entry exists in the publisher with Cluster Sync=false). Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 317: Command Line Configuration
"Miscellaneous Commands" on page 333 ad testjoin "Miscellaneous Commands" on page 333 alias "Miscellaneous Commands" on page 333 backup "Miscellaneous Commands" on page 333 cluster drop-subscriber cluster list cluster make-publisher Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 318 "Miscellaneous Commands" on page 333 krb list "Miscellaneous Commands" on page 333 ldapsearch "Miscellaneous Commands" on page 333 network ip network nslookup network ping network traceroute network reset quit "Miscellaneous Commands" on page 333 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 319: Cluster Commands
Cluster Commands The Policy Manager command line interface includes the following cluster commands: "drop-subscriber" on page 320 "list" on page 320 "make-publisher" on page 320 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 320: Drop-Subscriber
Publisher Management port IP=192.168.5.227 Data port IP=None [local machine] make-publisher Makes this node a publisher. Syntax cluster make-publisher Example [appadmin]# cluster make-publisher ******************************************************** * WARNING: Executing this command will promote the Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 321: Make-Subscriber
********************************************************* Continue? [y|Y]: set-cluster-passwd Changes the cluster password on all publisher nodes. Executed on the publisher; prompts for the new cluster password. Syntax cluster set-cluster-passwd Returns [appadmin]# cluster set-cluster-passwd cluster set-cluster-passwd Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 322: Set-Local-Passwd
Synchronize time with specified NTP server. Required. -d <date> Syntax: yyyy-mm-dd Optional. -t <time> Syntax: hh:mm:ss Optional. -z <timezone> Syntax: To view the list of supported timezone values, enter: show all-timezones. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 323: Dns
Where: Table 197: IP Commands Flag/Parameter Description Network interface type: mgmt or data ip <mgmt|data> <ip address> Server ip address. netmask <netmask address> Netmask address. gateway <gateway address> Gateway address. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 324: Timezone
Optional. Specifies the destination ip address or network (for example, 192.168.5.0/24) or 0/0 -d <DestAddr> (for all traffic). Only one of SrcAddr or DstAddr must be specified. Syntax network ip del <-i <id>> Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 325: Nslookup
Host or domain name to be queried. Example 1 [appadmin]# nslookup sun.us.arubanetworks.com Example 2 [appadmin]# nslookup -q SRV arubanetworks.com ping Tests reachability of the network host. Syntax network ping [-i <SrcIpAddr>] [-t] <host> Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 326: Reset
Prints route taken to reach network host. Syntax network traceroute <host> Where: Table 203: Traceroute Commands Flag/Parameter Description <host> Name of network host. Example [appadmin]# network traceroute sun.us.arubanetworks.com Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 327: Service Commands
[ tips-radius-server ] Tacacs server [ tips-tacacs-server ] Async DB write service [ tips-dbwrite-server ] DB replication service [ tips-repl-server ] System monitor service [ tips-sysmon-server ] Example 3 [appadmin]# service status tips-domain-server Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 328: Show Commands
[appadmin]# show date Wed Oct 31 14:33:39 UTC 2012 Displays DNS servers. Syntax show dns Example [appadmin]# show dns show dns =========================================== DNS Information ------------------------------------------- Primary 192.168.5.3 Secondary DNS <not configured> Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 329: Domain
------------------------------------------- IP Address <not configured> Subnet Mask <not configured> Gateway <not configured> =========================================== DNS Information ------------------------------------------- Primary 192.168.5.3 Secondary DNS <not configured> Tertiary <not configured> =========================================== license Displays the license key. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 330: Timezone
"install-license" on page 331 "restart" on page 331 "shutdown" on page 332 "update" on page 332 "upgrade" on page 332 boot-image Sets system boot image control options. Syntax system boot-image [-l] [-a <version>] Where: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 331: Gen-Support-Key
Install-License Commands Flag/Parameter Description Mandatory. <license-key> This is the newly issued license key. Example [appadmin]# system install-license restart Restart the system Syntax system restart Example [appadmin]# system restart system restart ********************************************************* Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 332: Shutdown
Uninstall the patch. (For exact patch names, refer to [-l] in this table.) Optional. List the patches installed on the system. Example [appadmin]# system update upgrade Upgrades the system. Syntax system upgrade <filepath> Where: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 333: Miscellaneous Commands
"krb auth" on page 337 "krb list" on page 338 "ldapsearch" on page 338 "quit" on page 339 "restore" on page 338 ad auth Authenticate the user agains AD. Syntax ad auth --username=<username> Where: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 334: Ad Netjoin
Tests if the netjoin command succeeded. Tests if Policy Manager is a member of the AD domain. Syntax ad testjoin Example [appadmin]# ad testjoin alias Creates or removes aliases. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 335: Backup
Optional. Do not backup password fields from the configuration database Example [appadmin]# backup -f PolicyManager-data.tar.gz Continue? [y|Y]: dump certchain Dumps certificate chain of any SSL secured server. Syntax dump certchain <hostname:port-number> Where: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 336: Dump Logs
-h dump servercert Dumps server certificate of SSL secured server. Syntax dump servercert <hostname:port-number> Where: Table 215: Dump Servercert Commands Flag/Parameter Description <hostname:port-number> Specifies the hostname and SSL port number. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 337: Exit
Does a kerberos authentication against a kerberos server (such as Microsoft AD) Syntax krb auth <user@domain> Where: Table 216: Kerberos Authentication Commands Flag/Parameter Description <user@domain> Specifies the username and domain. Example [appadmin]# krb auth mike@corp-ad.acme.com Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 338: Krb List
Specify filepath of restore source. filename> Restore configuration database (default). Do not restore configuration database. Optional. If it exists in the backup, restore log database. Optional. Ignore version mismatch errors and proceed. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 339: Quit
Optional. Restore cluster server/node entries from the backup. (Node entries disabled on restore.) Example [appadmin]# restore user@hostname:/tmp/tips-backup.tgz -l -i -c -s quit Exits shell. Syntax quit Example [appadmin]# quit Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 340 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 341: Rules Editing And Namespaces
There are multiple namespaces exposed in the rules editing interface. The namespaces exposed depend upon what you are editing. For example, when you are editing posture policies you work with the posture namespace; when you Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 342 These attribute names are pre- populated in the UI for administrative convenience. For Policy Manager to fetch the values of attributes from Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 343 The connection namespace has the following pre-defined attributes: Table 219: Connection Namespace Pre-defined Attributes Attribute Description Src-IP-Address Src-IP-Address and Src-Port are the IP address and port from which the request (RADIUS, TACACS+, etc.) originated Src-Port Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 344 Tunnel - A tunnel PAC was used to establish the outer tunnel in the EAP-FAST authentication method Machine - A machine PAC was used to establish the outer tunnel in the EAP-FAST authentication method; machine PAC is used for machine authentication (See EAP-FAST in Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 345 Subject-DN, Subject-DC, Subject-UID, Subject-CN, Subject-GN, Attributes associated with the subject (user or Subject-SN, Subject-C, Subject-L, Subject-ST, Subject-O, machine, in this case). Not all of these fields Subject-OU, Subject-emailAddress are populated in a certificate. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 346 Note that these attribtues can be used only if you have pre- populated the values for these attributes when a guest user is configured in Policy Manager. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 347: Variables
See "Adding and Modifying Authentication name} Sources " on page 127. MAC address of client in aa:bb:cc:dd:ee:ff format {RADIUS:IETF:MAC- Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 348: Operators
EQUALS, NOT_EQUALS, GREATER_THAN, GREATER_THAN_OR_EQUALS, LESS_THAN, LESS_ THAN_OR_EQUALS, IN_RANGE BELONGS_TO, NOT_BELONGS_TO List (Example: EQUALS, NOT_EQUALS, MATCHES_ANY, NOT_MATCHES_ANY, MATCHES_ALL, NOT_ Role) MATCHES_ALL, MATCHES_EXACT, NOT_MATCHES_EXACT Group BELONGS_TO_GROUP, NOT_BELONGS_TO_GROUP, and all string data types (Example: Calling-Station- Id, NAS-IP- Address) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 349 EQUALS E.g., RADIUS:IETF:NAS-Port GREATER_THAN_OR_EQUALS 10 LESS_ For integer, time and date data types, true if the run-time value of the attribute is less than the THAN configured value. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 350 For group data types, true if the run-time value of the attribute belongs to the configured group (either TO_GROUP a static host list or a network device group, depending on the attribute). E.g., RADIUS:IETF:Calling-Station-Id BELONGS_TO_GROUP Printers. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 351: Software Copyright And License Statements
PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS-IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. GNU LGPL Version 2, June 1991 Copyright (C) 1991 Free Software Foundation, Inc. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 352 However, in a textual and legal sense, the linked executable is a combined work, a derivative of the original library, and the ordinary General Public License treats it as such. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 353 The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 354 Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 355 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 356 NO WARRANTY Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 357: Gnu Gpl
Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 358 License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 359 Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 360 Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 361 FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 362: Lighthttpd License
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Apache License Version 2.0, January 2004 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 363 You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 364 License. However, in accepting such obligations, You may act only on Your own behalf Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 365: Openssl License
* notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * 3. All advertising materials mentioning features or use of this Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 366 * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 367 * OF THE POSSIBILITY OF SUCH DAMAGE. * ============================================== * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 368 * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * Copyright remains Eric Young's, and as such any Copyright notices in Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 369 * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 370 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 371: Openldap License
The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale, use or other dealing in this Software without specific, written prior permission. Title to copyright in this Software shall at all times remain with copyright holders. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...
Page 372: Gsoap Public License
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." Dell Networking W-ClearPass Policy Manager 6.0 | User Guide...

This manual is also suitable for:

Networking w-clearpass policy manager 6.0

Dell Powerconnect W-ClearPass Hardware Appliances User Manual

Quick Links

Related Manuals for Dell Powerconnect W-ClearPass Hardware Appliances

Summary of Contents for Dell Powerconnect W-ClearPass Hardware Appliances