
Policy Enforcer Connector Overview

Configure a connector for third-party products (non-Juniper Networks) to unify policy enforcement across all network elements. This protects endpoints, wired and wireless, connecting to third-party devices as well as Juniper devices.

For Policy Enforcer to provide threat remediation to endpoints connecting through third-party devices, it must be able to authenticate those devices and determine their state. It does this using a tracking and accounting threat remediation plug-in to gather information from a RADIUS server and enforce policies such as terminate session and quarantine.

Note: All third-party switches used with Policy Enforcer must support AAA/RADIUS and the Dynamic Authorization Extensions to the RADIUS protocol (RFC 3579 and RFC 5176).

Note: All Cisco Systems switch models that adhere to RADIUS IETF attributes and support RADIUS Change of Authorization from Aruba ClearPass are supported by Policy Enforcer for threat remediation.

Once configured, the connector uses an API to gather endpoint MAC address information from the RADIUS server. If a host is found to be suspicious, the RADIUS server sends a CoA to disconnect the active session and quarantine the host. Once the threat has been mitigated, the interface can return to the network again, but must be authorized to do so by Policy Enforcer using the plug-in and information gathered from the RADIUS server.
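
The following added example (not Juniper or ClearPass code) shows the RFC 5176 message behind that step: a Disconnect-Request or CoA-Request as it appears on the wire, and the authenticator check a receiving switch performs before acting on it. It assumes the endpoint MAC is carried in the Calling-Station-Id attribute; the shared secret and MAC address are constructed sample values.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40   # RFC 5176 packet codes
COA_REQUEST = 43
CALLING_STATION_ID = 31   # RADIUS attribute assumed here to carry the endpoint MAC


def _authenticator(code, ident, attrs, secret):
    """MD5(Code | ID | Length | 16 zero octets | attributes | secret)."""
    length = 20 + len(attrs)
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_request(code, ident, mac, secret):
    """Build a Disconnect- or CoA-Request that names a session by MAC."""
    value = mac.encode("ascii")
    attrs = struct.pack("!BB", CALLING_STATION_ID, len(value) + 2) + value
    auth = _authenticator(code, ident, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def parse_request(packet, secret):
    """Return (code, {attr_type: value}) or raise ValueError if invalid."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (DISCONNECT_REQUEST, COA_REQUEST):
        raise ValueError("not a dynamic authorization request")
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs = packet[20:length]
    # Verify the Request Authenticator before trusting any attribute.
    expected = _authenticator(code, ident, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("authenticator mismatch")
    parsed, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        parsed[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    return code, parsed


# Constructed sample values: shared secret and endpoint MAC are made up.
SECRET = b"example-shared-secret"
SAMPLE = build_request(DISCONNECT_REQUEST, 7, "00-11-22-33-44-55", SECRET)
```

A request whose authenticator does not match the shared secret is rejected before any attribute is read, so a forged or altered packet cannot disconnect or quarantine a host.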

Once you have a connector configured, the following information is provided on the Connectors main page.

Table 304: Connectors Information - Main Page

Field: Description

Name: The name you entered for the connector.

Type: This field always reads Third Party Switch at this time.

Status: The current status of the connector. (Active or Inactive.) Hover over the status to see more details of connector instances and their respective status. The following statuses are shown:

  • Active status with green icon—All connector instances inside a connector are active

  • Inactive status with red icon—All connector instances inside a connector are inactive

  • Active status with red icon—One of the connectors is inactive and other connectors are active.

  • In progress status with green icon—All connectors are still in progress.

  • Pending (not in progress) status with green icon—All connectors are still pending.

Description: Specifies the description of a connector.

Identity Server: Specifies the IP address of the product management server.

IP Address: The IP address of the ClearPass RADIUS server.

Benefits of Policy Enforcer Connector
