Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
731732733734735736737738739740
734 | Configuring Processing for Ingress Events Dell Networking W-ClearPass Policy Manager 6.6 | User Guide
Configuring the Ingress Receiving Ports
The ingress receiving ports are the TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)
ports on the W-ClearPass server where the events source sends threat-related events.
By default, the ingress receiving port is 514 for both TCP and UDP. You can modify the ingress receiving ports
to a custom value as necessary.
To confirm or change the ingress receiving ports on the W-ClearPass server:
1. Navigate to Administration > Server Manager > Server Configuration.
2. From the list of W-ClearPass servers, select the appropriate server.
The Server Configuration page opens.
3. Select the Service Parameters tab.
4. From the Select Service drop-down, choose Ingress syslog service as shown in Figure 727.
Figure 727: Selecting the Ingress Syslog Service
As you can see in Figure 727, the parameter value for both the TCP and UDP receiving ports is set to the
default value of 514.
5. If you wish to modify the parameter values for one or both of the receiving ports, enter the new value(s).
6. When satisfied with the settings, click Save.
Configuring an Event-Based Enforcement Service
This section provides the following information:
l Introduction
l Adding an Event-Based Enforcement Service
l Associating the Enforcement Service with an Enforcement Policy
Introduction
This section describes how to add the Event-Based Enforcement service that manages enforcement actions
in response to threat-event processing.
When there is a suspicious user, this user could represent a common DOS attack or some other threat. When a
threat is detected, W-ClearPass performs enforcement operations as configured, for example, executing a
change of authorization ( COA ) to disconnect a suspicious user from the network.