Security

Hello, 

We are working on implementing a guest portal through ClearPass and it seems to be almost working. We have it sending an e-mail for a "sponsor" to authorize the guest access and internally things or working fine. If the sponsor pulls the e-mail from their phone though the authorization does not work. Think this is due to us not having the server in our public address space so working to get that setup with a NAT on our firewall. Question is how can we lock this down? Does this process use specific ports or something that we can use to limit access? I really do not want an open NAT hanging out with access to ClearPass server and let it get beat at. 

Thanks in advance ... 

------------------------------
Aruba Newbie
------------------------------

It is HTTPS, so I don't suggest opening it. Usually the user would be on net, or connect to approve over VPN.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
If my post was useful accept solution and/or give kudos
------------------------------

That might be what we do. Just trying to address the issue with say me being your guest. You get e-mail from O365 on your phone but not being able to respond from there but having to go back to desk to respond. 

------------------------------
Brent Berry

Aruba Newbie
------------------------------

Original Message:
Sent: May 08, 2026 01:36 PM
From: DB86
Subject: ClearPass Guest Authentication lockdown

It is HTTPS, so I don't suggest opening it. Usually the user would be on net, or connect to approve over VPN.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
If my post was useful accept solution and/or give kudos
------------------------------

The customers I have implemented access from mobile phones have all had an SSID for the phones. From this SSID they have been able to access the ClearPass server internally.

I have not seen any customer implement this over the mobile network, but as already mentioned a VPN would be one option.

------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------

Original Message:
Sent: May 08, 2026 01:53 PM
From: wberry@muellerindustries.com
Subject: ClearPass Guest Authentication lockdown

That might be what we do. Just trying to address the issue with say me being your guest. You get e-mail from O365 on your phone but not being able to respond from there but having to go back to desk to respond. 

------------------------------
Brent Berry

Aruba Newbie
------------------------------


Original Message:
Sent: May 08, 2026 01:36 PM
From: DB86
Subject: ClearPass Guest Authentication lockdown

It is HTTPS, so I don't suggest opening it. Usually the user would be on net, or connect to approve over VPN.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
If my post was useful accept solution and/or give kudos