ClearPass - Using GMail for SMTP

Using Google Gmail as your ClearPass Messaging SMTP Server

  • Navigate to https://Clearpass_IP/
  • Click on the "ClearPass Policy Manager"
  • Login using user/password = admin/eTIPS123  (use your own user/pw of course)
  • Click the Administration Tab on the left window pane
  • Within the Administration tab, expand "+ External Servers", then click "Messaging Setup"
  • Server name =  "smtp.gmail.com"
  • User Name & Password = your valid Gmail account settings
  • Connection Security = "StartTLS"

  • Next, install most of the root certs you can download from this link https://pki.goog/ otherwise you will see errors like this in your event log
      • Send Error: Could not convert socket to TLS
    • Click the Administration Tab on the left window pane
    • Within Administration tab, expand "+ Certificates", then click "Trust List"
    • Top right of your screen, click "+ Add" and load the "Root CAs" DER files you previously were instructed to download; these will be enabled automatically as you install them
  • You will have to lower your GMail security model or you will get the following error in your event log
    • Send Error: 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=X lots of junk X> Please log in via 534-5.7.14 your web browser and then try again. 534-5.7.14 Learn more at 534 5.7.14 https://support.google.com/mail/answer/78754 84-v6sm40676653pfj.33 - gsmtp
      • you can read more about this error at this link
  • You should now be able to send mail messages from Clearpass via smtp.gmail.com

Comments

Post a Comment

Popular posts from this blog

NET::ERR_CERT_INVALID Issues Using AirWave or NetEDIT with Chrome

Image
Using Chrome to login to Aruba Airwave or NetEdit with Unsupported Certificate.   Lately Chrome, Opera, Safari, etc... all but Firefox won't allow connection to ArubaNetworks Airwave with it's self-signed cert installed.  I has this issue with Airwave 8.2.11.  This also works with for similar errors on NetEdit 2.04. There is a workaround for Chrome...  while you are stuck with this issue:   NET::ERR_CERT_INVALID Click anywhere on the rendered page with the error, and simply type: thisisunsafe no need to press enter, just type it in, and you can proceed without probems!!! Credit to Hai Zheng of Twitter for this tip !!! If you think I should add or remove any information from this list, please let me know your thoughts.
Read more

ClearPass - Network Access Control (NAC) based on Windows Client OS Version and Build number

Image
How to manage Windows client network access based on their OS version and build number in CPPM Enforcement Policies Summary:  for enforcement policy to be based on "Windows OS Build version" you will need to implement OnGuard, and via the Health Check Service you will be able to witness the Windows Build version.  You will need to create a new Endpoint record to store these details, then create an Enforcement Profile to store the information in the EndpointDB.  From there you can then use roll mapping policies that reference the build number in your services. From CPPM > Monitoring > Live Monitoring > Access Tracker >  find a relevant Source = WEBAUTH, Service = Health Check Service record and open it to the Input tab Scroll down to the Computed Attributes section, here you can find version information collected by OnGuard agent in the Endpoint such as: Host:      OSArch                x86_64 Host:      OSName                Microsoft Windows 10 Enterprise Ed
Read more