Security

Reply
Occasional Contributor II
Posts: 61
Registered: ‎06-27-2016

How to change agent check timeout

Hi

I have agents installed in clients devices.
The authentication type used is machine auth, and agent installed for healthcheck.
I set the authentication timeout every 24 hour, but the agent sometimes doing healthcheck before this timeout expire and without any changes in clients connections or healthy status, which causing disconnections in clients because clients assigned to quarantine VLAN temporarly.

So is there a settings to change the agent check timeout?
Mahmoud
MVP
Posts: 978
Registered: ‎04-13-2009

Re: How to change agent check timeout

hc.jpg

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Occasional Contributor II
Posts: 61
Registered: ‎06-27-2016

Re: How to change agent check timeout

Thanks...

What is the default timeout value for healthcheck?

Also what is the "Keep-Alive Interval" option for?

 

 

Mahmoud
MVP
Posts: 978
Registered: ‎04-13-2009

Re: How to change agent check timeout

I'm not sure what the default health check interval is.

 

From the userguide:

 

OnGuard Health Check Interval (in hours): Specify the number of hours that OnGuard will skip health checks for healthy clients.

NOTE: Note the following information when you set the OnGuard Health Check Interval parameter:

 You can set this parameter if OnGuard mode is set to health only.
 This parameter is valid only for wired and wireless interface types.
 This parameter is not applicable for the OnGuard Dissolvable Agent, VPN, and Other interface types.

You can also specify the health check interval in the Agent enforcement (Configuration > Agent enforcement > New attribute) profile to create different Agent Enforcement Profiles for different users

 

-------

 

Keep-alive Interval (in seconds): Specify a keep-alive interval for OnGuard agents.

The connected OnGuard Agents periodically send heart-beat (Keep-Alive) messages to ClearPass Policy Manager. This interval is defined by the Keep-alive Interval (in seconds) parameter. The default value is 60 seconds.

ClearPass uses Keep-Alive messages to:

 Update the status of OnGuard Agents regarding OnGuard Activity.
 Issue CoA (Change of Authorization) for a Session Restrictions Enforcement Profile if OnGuard Agent is disconnected:
 Session-Check > Agent-Connection = Down
 Post-Auth-Check > Action = Disconnect

For related information, see Session Restrictions Enforcement Profile.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Search Airheads
Showing results for 
Search instead for 
Did you mean: