Security

 View Only

  • 1.  Clearpass - Accouting proxy

    Posted Jan 25, 2019 12:10 AM

    Hi

    I configure Clearpass as accounting proxy to forward accounting message to checkpoint.

    Capture.PNG

    But Check point did't see any accounting message from Clearpass.

    Now, Clearpass got a accouting message from other devices on Live monitoring page 

     

    My question is

    1. Would I need change/add/remove configuration?

    2. I would like to send user' IP address and role to Check point. Which type of attributes and values should be select?

     

    Note: All user name is on local DB within Clearpass

     

    Thanks!  

     



  • 2.  RE: Clearpass - Accouting proxy

    Posted Jan 25, 2019 02:26 AM

    You need to confirm that CPPM is receiving accounting from NAS. 

    In Check Point yo need to configure RADIUS Accounting settings as Danny wrote in the Tech Note: 

    Screenshot 2019-01-25 at 08.22.50.png

    You can find the Tech Note updated in December here: https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Default.aspx?EntryId=7961



  • 3.  RE: Clearpass - Accouting proxy

    Posted Jan 25, 2019 02:35 AM

    Yes

    I'm following these guideline.But I want to know what is value should be set

     

    Capture2.PNG



  • 4.  RE: Clearpass - Accouting proxy

    Posted Jan 25, 2019 02:40 AM
    Everything is in this Tech Note. To send a role or other attributes to Check Point, you need to use the API.
    I configured it one month ago using the API sending the field “user-group” from CPPM to Check Point using the API.


Related Content