Onguard license usage and cppm port requirements

  • 1.  Onguard license usage and cppm port requirements

    Posted Dec 05, 2025 04:01 AM

    Hi all 

    Suspect I know the answer already, but do we need 1 OnGuard license for every OnGuard client installation, or is it a license pool usage thing?

    (I think it's a 1 client = 1 license thing)

    Also, are there any additional TCP/UDP ports that need opening up to ClearPass other than TCP/443 for OnGuard to work?

    Rgds

    Alex



    -------------------------------------------


  • 2.  RE: Onguard license usage and cppm port requirements

    Posted Dec 05, 2025 04:27 AM
    Edited by HR-abaef5 Dec 05, 2025 04:30 AM

    Alex, the official statement can be found in the Ordering and Scaling Guide for ClearPass:

    OnGuard Licenses are consumed based on the number of devices with the customer installed that connected in the past 24 hours.

    On the port/firewall requirements, those are documented here:



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Onguard license usage and cppm port requirements

    Posted Dec 08, 2025 12:17 PM

    Also why not use an MDM integration or Extension integration for this instead? Avoids the extra OnGuard license, management and install of the client, etc.

    -------------------------------------------



  • 4.  RE: Onguard license usage and cppm port requirements

    Posted Dec 08, 2025 05:05 PM

    OnGuard can provide posture assessment at the time of network connection, along with validating that posture requirement constantly.  MDM isn't as useful for those requirements.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Onguard license usage and cppm port requirements

    Posted Dec 08, 2025 05:30 PM
    Not true on the "at time of connection". OnGuard requires connectivity to the ClearPass server for posture eval. MDM can use only the certificate GUID or MAC address, which are available without granting any access.

    You can set your reauth timer on the 802.1X to be whatever value you want to re-evaluate posture. But yes agree it's not 100% continuous. 





  • 6.  RE: Onguard license usage and cppm port requirements

    Posted Dec 08, 2025 05:35 PM

    I think you might be confusing OnGuard with Onboard?

    The 802.1X reauth timer has nothing to do with the posture evaluation timer/timeout.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 7.  RE: Onguard license usage and cppm port requirements

    Posted Dec 08, 2025 05:45 PM
    I am not. You can have the authentication go back through the Service Policies to be re-evaluated once the re-auth timer expires. At that point the MDM can be queried for updated status.





  • 8.  RE: Onguard license usage and cppm port requirements

    Posted Dec 08, 2025 05:55 PM

    Ah.  Yes.  If you want that delay and to count on the MDM being updated.

    OnGuard will monitor the machine continuously and report changes near immediately while the client device is connected.  Different solution for a different need.  Also provides the functionality regardless of whether or not an MDM is able to be used, for instance in a BYOD environment.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 9.  RE: Onguard license usage and cppm port requirements

    Posted Dec 08, 2025 05:59 PM
    Totally agree here. Personally I loathe BYOD and always push my customers away from that; it's a nightmare to manage and troubleshoot. That also doesn't count all of the data security concerns either.





  • 10.  RE: Onguard license usage and cppm port requirements

    Posted Dec 09, 2025 03:17 AM
    Hi,
    Because the client doesn't have an MDM solution in place for domain-joined Windows machines and are insistent that they use OnGuard :-(

    A




  • 11.  RE: Onguard license usage and cppm port requirements

    Posted Dec 09, 2025 05:01 AM
    So how are they managing these endpoints?  SCCM/GPO?





  • 12.  RE: Onguard license usage and cppm port requirements

    Posted Dec 09, 2025 07:29 AM
    yup
    Sent from my iPhone