Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Policy Enforcer Connector Overview

    Configure a connector for third-party products (non-Juniper Networks) to unify policy enforcement across all network elements. This protects endpoints, wired and wireless, connecting to third-party devices as well as Juniper devices.

    For Policy Enforcer to provide threat remediation to endpoints connecting through third-party devices, it must be able to authenticate those devices and determine their state. It does this using a tracking and accounting threat remediation plug-in to gather information from a RADIUS server and enforce policies such as terminate session and quarantine.

    Note: All third-party switches being used with Policy Enforcer must support AAA/RADIUS and Dynamic Authorization Extensions to RADIUS protocol (RFC 3579 and RFC 5176).

    Note: All Cisco Systems switch models which adhere to Radius IETF attributes and support Radius Change of Authorization from ClearPass are supported by Policy Enforcer for threat remediation.

    Once configured, the Connector uses an API to gather endpoint MAC address information from the RADIUS server. If a host is found to be suspicious, the RADIUS server sends a CoA to disconnect the active session and quarantine the host. Once the threat has been mitigated, the interface can return to the network again, but must be authorized to do so by Policy Enforcer using the plug-in and information gathered from the RADIUS server.

    Once you have a connector configured, the following information is provided on the Connectors main page.

    Table 1: Connectors Information- Main Page

    Field

    Description

    Name

    The name you entered for the connector.

    Type

    This field always reads Third Party Switch at this time.

    Status

    The current status of the connector. (Active or Inactive.)

    Description

    The description you provided.

    IP Address

    The IP address of the ClearPass RADIUS server.

    Modified: 2017-09-20