Home » Dell Manuals » Hubs & Switches » Dell Powerconnect W-ClearPass Hardware Appliances » Manual Viewer

Dell Powerconnect W-ClearPass Hardware Appliances W-ClearPass Policy Manager 6 - Page 172

Adding and Modifying Posture Policies, ClearPass Windows Universal System Health Validator.

View all Dell Powerconnect W-ClearPass Hardware Appliances manuals

Add to My Manuals
Save this manual to your list of manuals

Page 172 highlights

Configurable Component How to Configure endpoints. Remediation URL This URL defines where to send additional remediation information to endpoints. Sequence of Posture Servers Select a Posture Server, then select Move Up, Move Down, Remove, or View Details. l To add a previously configured Posture Server, select from the Select drop- down list, then click Add. l To configure a new Posture Server, click Add New Posture Server (link) and refer to "Adding and Modifying Posture Servers " on page 199. l To edit the selected posture server, click Modify and refer to "Adding and Modifying Posture Servers " on page 199. Enable auto-remediation of non-compliant end-hosts Select the Enable auto-remediation of non-compliant end-hosts check box to enable the specified remediation server to enable auto-Remediation. Remediation server is optional. A popup appears on the client box, with the URL of the Remediation server. Adding and Modifying Posture Policies Policy Manager supports pre-configured posture plugins, against which administrators can configure rules that test for specific attributes of client health and correlate the results to posture tokens: l If you have NAP Agent (USHA) running on a NAP-compatible client (Microsoft Windows 8, Windows 7, Windows Vista, Windows XP SP3, Windows Server 2008), use: ClearPass Windows Universal System Health Validator. Configurable checking for present/absent Registry Keys, Services and processes, and product-/version-/update- specific checking for Antivirus, Antispyware, and Firewall applications. Checks for peer-to-peer applications or networks, patch management applications, hotfixes, USB devices, virtual machines, and network devices. l If you have ClearPass Linux NAP Agent running on a Linux client (CentOS, Fedora, Red Hat Enterprise Linux, SUSE Linux Enterprise Desktop), use: ClearPass Linux Universal System Health Validator. Configurable checking for present/absent Services, and product-/version-/update- specific checking for Antivirus application, and Firewall configuration. l If you have a Microsoft NAP Agent running on the client, use: n Windows System Health Validator. Configurable checking for required operating system versions and service packs. n Windows Security Health Validator. Configurable checking for Antivirus/Antispyware/Firewall applications, as well as automatic updates and security updates. l If you have ClearPass OnGuard Agent (dissolvable or persistent) running on the client (Windows 8, Windows 7, Windows XP SP3, Windows Vista, Windows Server 2008, Windows 2003, SUSE Linux, Redhat Enterprise Linux, Fedora Linux, CentOS Linux, MAC OS X), use: n ClearPass Windows Universal System Health Validator. Configurable checking for present/absent Registry Keys and Services, and product-/version-/update- specific checking for Antivirus, Antispyware, and Firewall applications. Checks for peer-to-peer applications or networks, patch management applications, hotfixes, USB devices, virtual machines, and network devices. n Windows System Health Validator. Configurable checking for required operating system versions and service packs. 172 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide

Section	Page
About Dell Networking W-ClearPass Policy Manager	11
Powering Up and Configuring Policy Manager Hardware	13
Server Port Overview	13
Server Port Configuration	14
Powering Off the System	15
Resetting Passwords to Factory Default	16
Generating Support Key for Technical Support	16
Policy Manager Dashboard	19
Monitoring	23
Access Tracker	23
Viewing Session Details	25
Accounting	26
OnGuard Activity	35
Analysis and Trending	37
Endpoint Profiler	37
System Monitor	38
Audit Viewer	40
Event Viewer	43
Data Filters	44
Add a Filter	45
Policy Manager Policy Model	49
Services Paradigm	49
Viewing Existing Services	52
Adding and Removing Services	52
Links to Use Cases and Configuration Instructions	53
Policy Simulation	54
Add Simulation Test	56
Import and Exporting Simulations	59
Import Simulations	59
Export Simulations	60
Export	60
ClearPass Policy Manager Profile	61
Device Profile	61
Collectors	61
DHCP	62
Sending DHCP Traffic to CPPM	62
ClearPass Onboard	62
HTTP User-Agent	62
Configuration	63
MAC OUI	63
ActiveSync Plugin	63
CPPM OnGuard	63
SNMP	63
802.1x Wireless Use Case	67
Configuring the Service	67
Web Based Authentication Use Case	73
Configuring the Service	73
MAC Authentication Use Case	79
Configuring the Service	80
TACACS+ Use Case	83
Configuring the Service	83
Single Port Use Case	87
Services	89
Architecture and Flow	89
Start Here Page	90
Policy Manager Service Types	92
Services	101
Adding Services	102
Modifying Services	104
Reordering Services	106
Authentication and Authorization	109
Architecture and Flow	109
Configuring Authentication Components	110
Adding and Modifying Authentication Methods	111
PAP	113
MSCHAP	114
EAP-MSCHAP v2	114
EAP-GTC	115
EAP-TLS	116
EAP-TTLS	118
EAP-PEAP	119
EAP-FAST	121
MAC-AUTH	126
CHAP and EAP-MD5	127
Adding and Modifying Authentication Sources	127
Generic LDAP or Active Directory	129
Kerberos	140
Generic SQL DB	141
Token Server	145
Static Host List	147
HTTP	148
Identity: Users, Endpoints, Roles and Role Mapping	153
Architecture and Flow	153
Configuring a Role Mapping Policy	154
Configuring a Role Mapping Policy	154
Adding and Modifying Role Mapping Policies	155
Policy Tab	155
Mapping Rules Tab	156
Adding and Modifying Roles	158
Local Users, Guest Users, Onboard Devices, Endpoints, and Static Host List Co...	159
Adding and Modifying Local Users	159
Additional Available Tasks	160
Adding and Modifying Guest Users	161
Onboard Devices	163
Adding and Modifying Endpoints	164
Adding and Modifying Static Host Lists	166
Additional Available Tasks	167
Posture	169
Posture Architecture and Flow	169
Configuring Posture	171
Adding and Modifying Posture Policies	172
Configuring Posture Policy Plugins	173
ClearPass Windows Universal System Health Validator - NAP Agent	176
ClearPass Windows Universal System Health Validator - OnGuard Agent	192
ClearPass Linux Universal System Health Validator - NAP Agent	192
ClearPass Linux Universal System Health Validator - OnGuard Agent	195
ClearPass Mac OS X Universal System Health Validator - OnGuard Agent	195
Windows Security Health Validator - NAP Agent	197
Windows Security Health Validator - OnGuard Agent	198
Windows System Health Validator - NAP Agent	199
Windows System Health Validator - OnGuard Agent	199
Adding and Modifying Posture Servers	199
Microsoft NPS	200
Audit Servers	203
Architecture and Flow	203
Configuring Audit Servers	204
Built-In Audit Servers	205
Adding Auditing to a Policy Manager Service	205
Modifying Built-In Audit Servers	206
Custom Audit Servers	207
NESSUS Audit Server	207
NMAP Audit Server	209
Nessus Scan Profiles	211
Post-Audit Rules	215
Enforcement	217
Enforcement Architecture and Flow	217
Configuring Enforcement Profiles	218
RADIUS Enforcement Profiles	221
RADIUS CoA Enforcement Profiles	223
SNMP Enforcement Profiles	224
TACACS+ Enforcement Profiles	224
Application Enforcement Profiles	226
CLI Enforcement Profile	227
Agent Enforcement Profiles	228
Post Authentication Enforcement Profiles	228
Configuring Enforcement Policies	229
Network Access Devices	233
Adding and Modifying Devices	233
Adding a Device	233
Additional Available Tasks	237
Adding and Modifying Device Groups	237
Additional Available Tasks	240
Adding and Modifying Proxy Targets	240
Add a Proxy Target	241
Additional Available Tasks	242
Administration	243
Admin Users	244
Add User	244
Import Users	245
Export Users	246
Export	246
Admin Privileges	246
Import Admin Privileges	246
Export Admin Privileges	247
Export	247
Server Configuration	247
Set Date/Time	248
Change Cluster Password	250
Manage Policy Manager Zones	251
NetEvents Targets	252
Make Subscriber	252
Upload Nessus Plugins	253
Cluster-Wide Parameters	254
Collect Logs	256
Viewing Log Files	257
Backup	258
Restore	259
Shutdown/Reboot	260
Drop Subscriber	260
System Tab	260
Multiple Active Directory Domains	262
Services Control Tab	264
Service Parameters Tab	264
System Monitoring Tab	272
Network Interfaces Tab	273
Creating GRE tunnels	273
Creating VLAN	274
Log Configuration	275
Local Shared Folders	277
Application Licensing	278
Adding a License	279
Activating an Application License	279
Updating a License	280
SNMP Trap Receivers	280
Add SNMP Trap Server	281
Import SNMP Trap Server	282
Export all SNMP Trap Servers	282
Export a Single SNMP Trap Server	283
Syslog Targets	283
Add Syslog Target	284
Import Syslog Target	284
Export Syslog Target	285
Export	285
Syslog Export Filters	285
Add Syslog Filter	286
Import Syslog Filter	288
Export Syslog Filter	289
Export	289
Messaging Setup	289
Endpoint Context Servers	291
MDM Servers	292
Server Certificate	293
Create Self-Signed Certificate	294
Create Certificate Signing Request	296
Export Server Certificate	298
Import Server Certificate	298
Certificate Trust List	298
Add Certificate	299
Revocation Lists	299
Add Revocation List	300
RADIUS Dictionaries	301
Import RADIUS Dictionary	302
Posture Dictionaries	302
TACACS+ Services	303
Fingerprints	304
Attributes	305
Add Attribute	306
Import Attributes	307
Export Attributes	308
Export	308
OnGuard Settings	308
Guest Portal	310
Update Portal	312
Install Update dialog box	314
Updating the Policy Manager Software	315
Upgrade the Image on a Single Policy Manager Appliance	316
Upgrade the Image on All Appliances	316
Command Line Configuration	317
Available Commands	317
Cluster Commands	319
drop-subscriber	320
list	320
make-publisher	320
make-subscriber	321
reset-database	321
set-cluster-passwd	321
set-local-passwd	322
Configure Commands	322
date	322
dns	323
hostname	323
ip	323
timezone	324
Network Commands	324
ip	324
nslookup	325
ping	325
reset	326
traceroute	326
Service commands	327
<action>	327
Show Commands	328
all-timezones	328
date	328
dns	328
domain	329
hostname	329
ip	329
license	329
timezone	330
version	330
System commands	330
boot-image	330
gen-support-key	331
install-license	331
restart	331
shutdown	332
update	332
upgrade	332
Miscellaneous Commands	333
ad auth	333
ad netjoin	334
ad netleave	334
ad testjoin	334
alias	334
backup	335
dump certchain	335
dump logs	336
dump servercert	336
exit	337
help	337
krb auth	337
krb list	338
ldapsearch	338
restore	338
quit	339
Rules Editing and Namespaces	341
Namespaces	341
Variables	347
Operators	348
Software Copyright and License Statements	351
PostgreSQL Copyright	351
GNU LGPL	351
GNU GPL	357
Lighthttpd License	362
Apache License	362
OpenSSL License	365
OpenLDAP License	371

Match case Limit results 1 per page

172

Dell Networking W-ClearPass Policy Manager 6.0 | User Guide

Configurable Component

How to Configure

endpoints.

Remediation URL

This URL defines where to send additional remediation information to endpoints.

Sequence of Posture Servers

Select a Posture Server, then select

Move Up

Move Down

Remove

, or

View

Details

To add a previously configured Posture Server, select from the

Select

drop-

down list, then click

Add.

To configure a new Posture Server, click

Add New Posture Server

(link) and

refer to

"Adding and Modifying Posture Servers " on page 199

To edit the selected posture server, click

Modify

and refer to

"Adding and

Modifying Posture Servers " on page 199

Enable auto-remediation of

non-compliant end-hosts

Select the

Enable auto-remediation of non-compliant end-hosts

check box to

enable the specified remediation server to enable auto-Remediation.

Remediation server is optional. A popup appears on the client box, with the URL of

the Remediation server.

Adding and Modifying Posture Policies

Policy Manager supports pre-configured posture plugins, against which administrators can configure rules that test for

specific attributes of client health and correlate the results to posture tokens:

If you have NAP Agent (USHA) running on a NAP-compatible client (Microsoft Windows 8, Windows 7, Windows

Vista, Windows XP SP3, Windows Server 2008), use:

ClearPass Windows Universal System Health Validator.

Configurable checking for present/absent Registry Keys,

Services and processes, and product-/version-/update- specific checking for Antivirus, Antispyware, and Firewall

applications. Checks for peer-to-peer applications or networks, patch management applications, hotfixes, USB

devices, virtual machines, and network devices.

If you have ClearPass Linux NAP Agent running on a Linux client (CentOS, Fedora, Red Hat Enterprise Linux,

SUSE Linux Enterprise Desktop), use:

ClearPass Linux Universal System Health Validator.

Configurable checking for present/absent Services, and

product-/version-/update- specific checking for Antivirus application, and Firewall configuration.

If you have a Microsoft NAP Agent running on the client, use:

Windows System Health Validator.

Configurable checking for required operating system versions and service

packs.

Windows Security Health Validator.

Configurable checking for Antivirus/Antispyware/Firewall applications, as

well as automatic updates and security updates.

If you have ClearPass OnGuard Agent (dissolvable or persistent) running on the client (Windows 8, Windows 7,

Windows XP SP3, Windows Vista, Windows Server 2008, Windows 2003, SUSE Linux, Redhat Enterprise Linux,

Fedora Linux, CentOS Linux, MAC OS X), use: