This article explains how to create a Web Authentication service on CPPM to perform health checks on clients.
Environment: This applies to CPPM 6.2 and greater.
Configuration Steps: Prerequisites
The Quick Connect application must be installed on the client machine. It can be pushed to the clients by a third-party source or hosted on an internal web page.
Configuration on CPPM:
Log in to CPPM, navigate to "Configuration » Posture » Posture Policies" and create a new Posture Policy.
Fill in the details as shown above and configure the Posture Plugin according to our requirements. In this example we restrict the policy to Windows 7 only and disable the USB port on it. The steps to enable this are below.
Navigate to the "Posture Plugin" tab, configure the "ClearPass Windows Universal System Health Validator" and enable the check for Windows 7.
Similarly, more options are available for health checks, depending on our requirements.
The above option "Disable USB Mass Storage Device" will disable the USB port on the Windows 7 machine if a Mass Storage device is plugged into it.
Add Rules as shown below.
Save the Posture Policy as shown below.
Now navigate to "Configuration » Start Here" and select the "Web-based Health Check Only" template.
Selecting the above option will create a service as shown below.
Enable "Posture Compliance" by checking the check box.
Under the Posture section, select the posture policy we created.
Select the default Enforcement Policy and save the Service.
NOTE: We can also customize this based on our requirements. Below is an example.
We can create a new Enforcement Profile as shown below and then map it to an Enforcement Policy.
Similarly, we can create a new profile for non-healthy users and then map it to our Policy.