Aruba Networks, Switching

User tunnel not operational

René Jorissen on January 17, 2020 3 Comments • Tags: #user #userrole

HPE Aruba switches have the concept of user-based tunnelling. In short, the wired connections behave like a wireless connection. All traffic from the wired client is tunnelled to the central controller. This provides functions like central firewalling and micro-segmentation by blocking inter-user traffic. Yesterday I had a customer complaining that multiple clients weren’t able to … Read More

Wireless

Aruba: Split Tunnel with a RAP-5WN

René Jorissen on September 30, 2011 2 Comments • Tags: #apgroup #aruba #networks #profile #rap5 #rap5wn #session #split #tunnel #tunneling #user #userrole #wiredapport #wiredapprofile

Split Tunneling is technique, which is used very often in (SSL) VPN scenario’s. The RAP-5WN access points has multiple Ethernet ports to connect different components, like workstations or printers. You can configure the usual user roles and other settings on these Ethernet ports. You can also configure Split Tunneling per Ethernet port. When using Split … Read More

Proxy

TrendMicro IWSVA – Built-in groups and policies

René Jorissen on November 3, 2010 1 Comment • Tags: #authenticate #builtin #group #iwsva #ldap #user

While configuring a TrendMicro IMSVA appliance I tried to configure different URL filtering policies using built-in Windows Active Directory groups, like “Domain Users” in conjunction with user/group name authentication. Configuring policies with built-in groups weren’t functioning properly. The policies just weren’t matched, while I knew for sure that the user is a member of the … Read More

Configuration Example, Proxy, Security

Change password through LDAPS on ISA server

René Jorissen on August 6, 2008 0 Comments • Tags: #2006 #authority #ca #fqdn #isa #key #ldaps #private #proxy #reverse #set #user

Today I received the question about allowing users to changes his/her password through webmail, whereby webmail is published via an ISA server 2006 reverse proxy. This is possible, but it requires the configuration of LDAPS to authenticate users. I started by configuring a Certificate Authority (CA) on a member server in the domain. During the … Read More