Release Notes ClearPass 6.2.
Copyright © 2014 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners.
Contents Chapter 1 About ClearPass 6.2.5 ............................................................................. 7 Supported Browsers..............................................................................................7 System Requirements ...........................................................................................7 Virtual Appliance Requirements ......................................................................8 Supported ESX/ESXi Versions................................
Chapter 5 Issues Fixed in Previous 6.2.x Releases .............................................. 23 Fixed in 6.2.4 .......................................................................................................23 Policy Manager .............................................................................................23 Guest.............................................................................................................23 Onboard ......................................................
Chapter 1 About ClearPass 6.2.5 ClearPass 6.2.5 is a monthly patch release that introduces new features and provides fixes to previously outstanding issues. These release notes contain the following chapters: Chapter 2, “Upgrade Information” on page 13—Provides upgrade instructions and considerations. Chapter 3, “What’s New in This Release” on page 15—Describes new features and issues introduced in this 6.2.5 release as well as issues fixed in this 6.2.5 release.
Virtual Appliance Requirements The following specifications are recommended in order to properly operate Aruba ClearPass Policy Manager in 64-bit VMware ESX or ESXi server environments. To ensure successful deployment and maintain sufficient performance, verify that your hardware meets the following minimum specifications. ClearPass VMware ships with a 15 GB hard disk volume.
Functional IOP rating for a 40-60 read/write profile for 4K random read/write = 350 In order for a CP-VA-25K virtual appliance to properly support up to 25,000 unique authentications with full logging capability, customers should configure additional hardware to match the number of CPUs and RAM that ship in our hardware appliances. If you do not have the VA resources to support a full workload, please consider ordering the ClearPass Policy Manager hardware appliance.
Sophos: 9 and above Avast COMODO MacAfee Microsoft Security Essentials Microsoft Forefront Endpoint Protection-2008 AVG Trend Micro Windows Defender Firewall Microsoft Windows Firewall Use of Cookies Cookies are small text files that are placed on a user’s computer by Web sites the user visits. They are widely used in order to make Web sites work, or work more efficiently, and to provide information to the owners of a site.
Contacting Support Main Site arubanetworks.com Support Site support.arubanetworks.com Airheads Social Forums and Knowledge Base community.arubanetworks.com North American Telephone 1-800-943-4526 (Toll Free) 1-408-754-1200 International Telephones arubanetworks.com/support-services/aruba-support-program/contactsupport/ Software Licensing Site licensing.arubanetworks.com End of Support information www.arubanetworks.
12 | About ClearPass 6.2.5 ClearPass 6.2.
Chapter 2 Upgrade Information This chapter provides instructions and considerations for upgrading to the 6.2 release. Upgrading to ClearPass Policy Manager 6.2 You can upgrade to ClearPass Policy Manager 6.2 from ClearPass Policy Manager 5.2.0 (non-VM), 6.0.x, or 6.1.x. Upgrade images are available within ClearPass Policy Manager from the Software Updates Portal at Administration > Agents and Software Updates > Software Updates.
After You Upgrade The following actions might be required after upgrading to Policy Manager 6.2.0: If Guest Access with MAC caching service was configured prior to the 6.2 or 6.1 release, then after upgrading to the current release, the service must be recreated from the Service Template “Guest MAC Authentication”. The new enforcement profiles “Guest Expire Post Login” and “Guest Do Expire” will then be included in the enforcement policies.
Chapter 3 What’s New in This Release This chapter provides a summary of the new features and changes in the ClearPass 6.2.5 release. This chapter contains the following sections: “Release Overview” on page 15 “New Features and Enhancements in the 6.2.5 Release” on page 15 “Issues Resolved in the 6.2.5 Release” on page 16 “New Known Issues in the 6.2.5 Release” on page 17 Release Overview ClearPass 6.2.
classes in the following cases: Agent restart, Machine restart, or User Login/Logout. For Mac OS X, this is applicable for the following health classes: Processes and Services. (#19032) A new Health Logs option was added to the Diagnostics tab. Health logs display diagnostic logs related to OnGuard health checks. (#19384) Issues Resolved in the 6.2.5 Release The following issues have been fixed in the ClearPass 6.2.5 release. Policy Manager Table 1 Policy Manager Issues Fixed in 6.2.
Onboard Table 3 Onboard Issues Fixed in 6.2.5 Bug ID Description 20610 Corrected an issue that caused the Mac OS X 10.6 client to display the error message “No networks identified for this OS” during device enrollment. 20699 The error message “Failed to connect to ” was displayed unnecessarily. 20704 XP Credentials and Vista Credentials were removed from Network Settings > Authentication, as these settings had no actual effect on device provisioning.
Table 5 Policy Manager Known Issues in 6.2.5 (Continued) Bug ID Description 20334 Symptom: The Syslog filter prevents the subscriber from being dropped. Scenario: This occurred where a syslog export filter was configured that contained both the publisher and subscriber under the the ClearPass servers. This prevented ClearPass from dropping the subscriber even using the force message. Workaround: Remove the cluster node entries wherever they are referenced and then drop the node.
Chapter 4 Enhancements in Previous 6.2.x Releases This chapter provides a brief summary of the features and enhancements introduced in previous ClearPass 6.2.x releases. Features and Enhancements in Previous 6.2.x Releases This section provides detailed information about changes to each functionality area. Issue tracking IDs are included when available. Policy Manager A “Monitor Mode” option was added for the Windows Hotfixes health class.
CPPM’s integration with Active Directory (AD) servers is enhanced. This also corrects an issue where, under certain conditions, a winbind/AD connection caused Active Directory authentications to fail. (#14273) CPPM now supports sending logs to multiple syslog servers.
When customizing forms, you can now add static text rather than having to base the addition on an existing field. (#13514) The Translation section in ClearPass Guest’s Configuration module, in conjunction with Translation Assistant plugins, let you define and edit language translation packs and enable application features that provide assistance with translation. (#15998, #15102) The Japanese translations language pack is updated.
Clearpass administrators can now configure a default email address on Clearpass OnGuard settings. This email address will be used by clients to send the logs when user clicks Send Logs. (#14917) Installing Unified Client will remove an existing VIA installation. To continue using VPN functionality, log in to CPPM as the administrator, go to Administration > Agents and Software Updates > OnGuard Settings, and select Install and enable Aruba VPN component from the Installer Mode drop-down list.
Chapter 5 Issues Fixed in Previous 6.2.x Releases The following issues were fixed in previous 6.2.x releases. For a list of issues resolved in the 6.2.5 release, see the What’s New in This Release chapter. Fixed in 6.2.4 Policy Manager Table 9 Policy Manager Issues Fixed in 6.2.4 Bug ID Description #18350 #19229 EAP-TLS with OCSP authentication failed if a certificate revocation list existed in the system. #18967 The values provided by the MDM servers were not as expected.
Onboard Table 11 Onboard Issues Fixed in 6.2.4 Bug ID Description #19474 When onboarding for secure wired access, the client machine had to be unplugged and then reconnected after onboarding in order to use the onboarded credentials for network access. OnGuard Table 12 OnGuard Issues Fixed in 6.2.4 Bug ID Description #11319 Live updates for Windows Defender Antivirus software are now supported on the Windows 8 OS. #15360 ClearPass OnGuard Unified Agent for Mac OS X reported BitTorrent 7.
Table 14 Policy Manager Issues Fixed in 6.2.3 (Continued) Bug ID Description #18153 The WorkSpace license count in a cluster is now shown correctly. Before the fix, for a two-node cluster with default licenses, the Enterprise license count correctly showed 50 (25 per node) but only 25 were shown for the WorkSpace license. #18185 Access Tracker was hanging and not showing information from the subscriber CPPM node.
Onboard Table 17 Onboard Issues Fixed in 6.2.3 Bug ID Description #18922 Onboard was not recording multiple MAC addressed in the TLS client certificate. OnGuard Table 18 OnGuard Issues Fixed in 6.2.3 Bug ID Description #13841 Non-English characters are now supported in usernames and passwords for the Clearpass OnGuard Unified Agent running on MAC OSX. #15176 Remediation tasks for Set RTP now work correctly in AVG Free Antivirus (2013).
Fixed in 6.2.2 Policy Manager Table 20 Policy Manager Issues Fixed in 6.2.2 Bug ID Description 17938 AirGroup MAC Auth against Guest devices was counted towards the ClearPass Guest License. Guest Table 21 Guest Issues Fixed in 6.2.2 Bug ID Description 17817 Corrected a potential security issue regarding the redirect functionality of the “target” field in Amigopod login page authentication. Redirect behavior is restricted to internal addresses.
Fixed in 6.2.1 Policy Manager Table 25 Policy Manager Issues Fixed in 6.2.1 Bug ID Description 15382 The 6.2.1 patch addressed a known vulnerability in Struts CVE-2013-2251 that could be introduced by manipulating parameters prefixed with “action:”/”redirect:”/”redirectAction:”, allowing remote command execution. 16498 Support was added for the vendor-specific attribute Aruba-Essid-Name.
Table 26 Guest Issues Fixed in 6.2.1 (Continued) Bug ID Description 17190 The list of accounts and devices shown on the List Accounts and List Devices pages became faulty whenever an invalid condition was added to the “[Guest Roles]” role mapping policy. Invalid conditions in the “[Guest Roles]” role mapping policy are now ignored and they no longer affect the List Accounts or List Devices pages.
WorkSpace Table 30 WorkSpace Issues Fixed in 6.2.1 Bug ID Description 16479 The WorkSpace banner was not shown on the iPhone or iPod, and the WorkSpace > Preferences > Notifications From Admin page was blank. 17268 After the user upgraded, a License error message was displayed on the Onboard + WorkSpace > WorkSpace Configuration pages. 17269 17270 The database query error “invalid input syntax” was displayed if the user tried to save an App Set or an App Policy Template without a name.
Guest Table 33 Guest Issues Fixed in 6.2.0 Bug ID Description 13876 If the sponsor overrode the guest’s role with a new setting, after the guest logged in with the new role and logged out again, Active Sessions still showed the original role instead of the expected role. 14207 After migrating from 6.0.1 or 6.0.2 to 6.1, users that were created in 6.0.x with “No Expiry” showed an expiration date in 2038. 14274 Users could not be disconnected from the Guest > Active Sessions page when using Cisco WLC.
Table 35 Onboard Issues Fixed in 6.2.0 (Continued) Bug ID Description 14364 Android devices could not be connected after provisioning if there was a period character ( . ) in the SSID. 14677 Corrected errors in migration of Onboard configuration from 6.0.2 and earlier systems. 14932 Corrected an issue that could result in the message “Onboard provisioning can not be performed at this host address.
Chapter 6 Known Issues Identified in Previous Releases The following known issues for this release were identified in previous releases. Workarounds are included when possible. For a list of known issues identified in the 6.2.5 release, see the What’s New in This Release chapter. Policy Manager Table 37 Known Issues in Policy Manager Bug ID Description The subscription ID is not retained when you upgrade to CPPM 6.0.2.
Guest Table 38 Known Issues in Guest Bug ID Description 9967 Unicode SMS messages are limited to 70 Unicode characters. The ClearPass Guest user interface still displays 160 characters as the limit. Sending a Unicode SMS message over 70 characters may fail if the SMS service provider does not support multi-part SMS messages. Workaround: If you plan to use Unicode SMS messages, check your SMS receipt carefully to ensure it is not over 70 characters in length.
Onboard Table 40 Known Issues in Onboard Bug ID Description 9897 ClearPass Onboard does not update the Policy Manager endpoints table with an endpoint record when provisioning an iOS 5 device. This is because the iOS 5 device does not report its MAC address to ClearPass Onboard during device provisioning. 10127 Auto-reconnect does not work for Mac OS X 10.7. This client will reconnect using the original credentials that were used to connect to the SSID (PEAP instead of TLS).
Table 41 Known Issues in OnGuard (Continued) ID Description Auto-Remediation fails if the OnGuard agent is installed by a domain user (non-administrator). Two workarounds are available: Workaround 1: Install OnGuard using administrator privileges from the command prompt. Command to execute: msiexec /i ClearPassOnGuardInstall.msi Workaround 2: Use the EXE version of the installer (ClearPassOnGuardInstall.exe) to install OnGuard.
Table 41 Known Issues in OnGuard (Continued) ID Description 15156 VPN configuration is not retained after upgrading to the ClearPass OnGuard Unified Agent using MSI Installer on a 64 bit Windows system. 15233 On Win 7 (64 Bit), upgrading an existing VIA 2.1.1.X to the ClearPass OnGuard Unified Agent can lead to an inconsistent state. Users should first uninstall VIA and then proceed with the ClearPass OnGuard Unified Agent installation.
Table 42 WorkSpace Known Issues in 6.2.5 (Continued) Bug ID Description 12739 Symptom/Scenario: Accessing self-signed certificate Web sites via https does not work with Dolphin for the Aruba App. If the user clicks to accept the certificate when prompted, the page loading process goes into a loop and the screen flickers. Workaround: Add the certificate to the trusted store before accessing the resource. 12752 Symptom: On some devices, the Box app might not show the 'Use' option after capturing a video.
