Hi all,
I'm looking to make some adjustments to how we have our PacketFence NAC 
solution set up, which is controlling our eduroam wireless network. To start 
with, please let me explain our workflow:

User connects to open SSID, where they are redirected to our wifi setup portal 
containing several provisioning tools and user guidance. To do this I've edited 
the login.html page to redirect all users to this setup site, removing all 
manual registration procedures from the registration network.

Once the user device is configured, and they connect to eduroam, PacketFence 
auto-registers the device and the user is successfully on the network.

What I'm wondering is if it would be possible to put a time limit on the 
registration network, so that if a device sits in the registration network for 
(let's say) one hour, a violation is triggered. This violation directs users 
towards a page that explains that they either need to set their device up for 
the main eduroam network, or they need to tell their device to forget the setup 
network. This is because we see a lot of devices entering our captive portal, 
despite the fact that they are also configured for the main eduroam network. If 
the violation is triggered (let's say) three times, the device is then blocked 
from the registration network using a radius vlan set to -1.

- My first question: is it possible to trigger one violation from 
another? I.e. when the captive portal access duration violation is triggered 
for the third time, PacketFence then triggers another violation which blocks 
the device from the network.

- Secondly, is it actually possible to set a per-device time limit on 
the registration network?

Another thing I'd like to do would be to expire registered nodes that haven't 
been seen on the network for (let's say) 90 days, after which they are 
unregistered. Then, unregistered devices with no activity are cleared from the 
database every (let's say) 7 days. I'm pretty sure that this used to be 
possible back with PF version 3.x, but I can't seem to do this with version 5. 
This would likely help with our DB table size.

Also, I'd like to get PacketFence integrated with our Security Onion IDS setup 
to automate some violations, which I see is now possible with the latest 
version. The plan is to have different PacketFence environments per campus, but 
only one IDS server. My questions here are: is it possible to get the IDS 
sending the alerts to more than one PacketFence server (I appreciate that's 
probably a question more for Security Onion), and if so, what would happen if 
the IDS sent an alert to a PacketFence server set to trigger a violation for 
that signature, but the violating node isn't in that PacketFence environment?
e.g.
    IDS sends all traffic to two servers: pf1 and pf2
    Both servers have a violation set for rule ID 123456
    Traffic is seen that triggers rule ID 123456 and both 
PacketFence servers react to isolate the offending device; however, pf2 doesn't 
have any record of the device in its database. Does it just carry on and ignore 
the trigger, or will something strange happen?

As always, thanks everybody for your time and input. I do have the invaluable 
commercial support from Inverse, but I wondered if the wider PacketFence 
community had any potential solutions here.

Cheers,
Andi

-------------------------------------
Andi Morris
IT Security Officer
Cardiff Metropolitan University
T: 02920 205720
E: amor...@cardiffmet.ac.uk
--------------------------------------

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users