Dell Powerconnect W-ClearPass Hardware Appliances W-ClearPass Policy Manager 6 - Page 205
Built-In Audit Servers, Adding Auditing to a Policy Manager Service, Table 109
View all Dell Powerconnect W-ClearPass Hardware Appliances manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 205 highlights
Built-In Audit Servers When configuring an audit as part of an Policy Manager Service, you can select the default Nessus ([Nessus Server]) or NMAP ([Nmap Audit]) configuration. Adding Auditing to a Policy Manager Service 1. Navigate to the Audit tab l To configure an audit server for a new service (as part of the flow of the Add Service wizard), navigate to Configuration > Services. Select the Add Services link. In the Add Services form, select the Audit tab. NOTE: You must select the Audit End-hosts check box on the Services tab in order for the Audit tab to display. l To modify an existing audit server, navigate to Configuration > Posture > Audit Servers, then select an audit server from the list. 2. Configure auditing Complete the fields in the Audit tab as follows: Figure 172: Audit Tab Table 109: Audit Tab Parameter Description Audit Server/Add new Audit Server Select a built-in server profile from the list: l The [Nessus Server] performs vulnerability scanning. It returns a Healthy/Quarantine result. l The [Nmap Audit] performs network port scans. The health evaluation always returns Healthy. The port scan gathers attributes that allow determination of Role(s) through post-audit rules. NOTE: For Policy Manager to trigger an audit on an end-host, it needs to get the IP address of this end-host. The IP address of the end-host is not available at the time of initial authentication, in the case of 802.1X and MAC authentication requests. Policy Manager has a built-in DHCP snooping service that can examine DHCP request and response packets to derive the IP address of the endhost. For this to work, you need to use this service, Policy Manager must be configured as a DHCP "IP Helper" on your router/switch (in addition to your main DHCP server). Refer to your switch documentation for "IP Helper" configuration. To audit devices that have a static IP addresss assigned, it is recommended that a static binding between the MAC and IP address of the endpoint be created in your DHCP server. Refer to your DHCP Server documentation for configuring such static bindings. Note that Policy Manager does not issue IP address; it just examines the DHCP traffic in order to derive the IP address of the end-host. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 205