Configuring PPS with McAfee ePO server

The PPS configuration requires defining the McAfee ePO server as a client in PPS. PPS acts as a REST API server for McAfee ePO server.

A high-level overview of the configuration steps needed to set up and run the integration is described below:

•The Administrator configures the basic PPS configurations such as creating an authentication server, authentication realm, user roles, and role mapping rules.

•Configure McAfee ePolicy Orchestrator (ePO) server as a client in PPS. PPS acts as a REST API Server for McAfee ePO server. The REST API access for the admin user needs to be enabled by accessing the serial console or alternatively from the PPS admin UI (Authentication > Auth Server > Administrators > Users > click “admin”, enable Allow access to REST APIs).

•Configure PPS to block/quarantine the endpoint based on the threat prevention policy.

•Configure the Switches/WLC as RADIUS Client in PPS (Endpoint Policy > Network Access > Radius Clients > New Radius Client). Switch should be configured with PPS as a RADIUS server.

•Configure RADIUS return attribute policies to define the action upon receiving the event.

Ensure that PPS has the endpoint IP Address for the enforcement to work correctly.

Admission Control Template

The admission control template provides the list of possible events that can be received from the network security device along with regular expression to parse the message. The template also provides possible actions that can be taken for an event. PPS is loaded with default templates for McAfee ePolicy Orchestrator (ePO).

To view the admission control template in PPS:

1.Select Endpoint Policy > Admission Control > Templates.

Admission Control Client

The admission control clients are the network security devices on which the REST API is enabled. McAfee ePO server forwards the events to PPS through REST API interface.

To add McAfee ePO server as a client:

1.Select Endpoint Policy > Admission Control > Clients.

2.Click New Client.

3.Enter the name.

4.Enter the description.

5.Enter the IP address of the client.

6.Under Template, select McAfee-McAfee ePolicy Orchestrator-HTTP-JSON.

7.Click Save Changes.

A subset of events supported by McAfee ePO server is added in the default template. A new template can be created by Admin and has to be uploaded on PPS for supporting any additional events apart from the one's in the default template.

Admission Control Policies

The admission control policies define the list of actions to be performed on PPS for the user sessions. The actions are based on the event and the severity information received from the network security device.

1.To view and add the new integration policy:

2.Select Endpoint Policy > Admission Control > Policies.

3.Click New Policy.

4.Enter the policy name.

5.Select McAfee-McAfee ePolicy Orchestrator-HTTP-JSON as a template.

6.Under Rule on Receiving, select the event type and the severity level. The event types and the severity level are based on the selected template.

7.Under then perform this action, select the desired action.

•Ignore (log the event) —Received event details are logged on the PPS and no specific action is taken.

•Terminate user session—Terminates the user session on the PPS.

•Disable user account—Disables the user account.

•Replace user’s role with the configured remediation role. For example, Guest, Guest Admin, Guest Sponsor, Guest Wired Restricted, Users.

•Block the endpoint from authenticating the network.