Hello, community.
We are studying the possibility of configuring a ClearPass workflow for users trying to connect to SSID X but who do not yet have the OnGuard Agent installed.
The idea would be as follows:
The user connects to SSID X.
ClearPass detects that the device does not have the Agent installed.
The user is automatically redirected to a portal page, where the link to download and install the OnGuard Agent would be available.
Is there a native way in ClearPass to configure this automatic download portal?
Should this be done via a captive portal integrated with the posture service (Posture/OnGuard), or is there another recommended best practice?
Has anyone in the community implemented this scenario and could share their experience or best practices?
-------------------------------------------
Original Message:
Sent: Apr 29, 2020 04:07 PM
From: zemerick1
Subject: [Tutorial] - Clearpass - Creating Downloadable OnGuard Agent Execution Scripts
Attached is a PDF explaining how to take advantage of the "Download URL" attribute in OnGuard's Custom Agent Execution scripts.
Environment:
Device: Window 10, OnGuard 6.9.x
CPPM: 6.9.0
This attribute allows you to specify a download location for scripts/executables that may not live on the system. This is particularly helpful if you want to maintain a central repository for scripts to be executed for remediation.
In this guide we will use Clearpass as the repository. We will be utilizing the Clearpass Guest content manager.
Also, this feature is not limited to scripts. You can also download executables and installers to be ran by OnGuard. So, the options are really limitless.
Some examples:
- Install your flavor of AV if the device failed a health check, and it is a corporate device.
- Run a custom script to gather information outside the scope of OnGuard's agent. Add that information to the endpoint using REST APIs.
- Launch a program in the user context. An internal application, for instance.