Security

Reply
Contributor I

CPPM OnGuard thru Wired

Hi to all,

im simulating CPPM OnGuard in my lab, my objective is do Health Check on endpoints without placing them on a lobby/quarantine vlan since workstations are in static I.P. im replicating client's network environment.

is it possible to enforce "initial role"when PCs health status is non compliant/unknown and have only limited access? still on same vlan then enforce "full access" once status is healthy?again without changing vlan.

TIA :)



Re: CPPM OnGuard thru Wired

What type of switch are you using



Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: CPPM OnGuard thru Wired

im using hp 1920 .capable of 802.1x

Re: CPPM OnGuard thru Wired

You can use the Posture status to return the appropriate role (or ACLs) if the status is UNKNOWN.

 

Please very carefully test what access you need in that posture unknown state as applications can be starting up already and may throw errors if they can't reach their servers before Onguard has made the posture check, posted results and access has been restored.

 

For that reason, some customers decide to consider clients healthy untill they get an infected (or other status) message. Limit on UNKNOWN is the most secure of course.

 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: