Good morning all,
Working with a customer on an OnGuard wired deployment with Cisco switches, but having some trouble. So we are pushing the OnGuard Persistent Agent out to all domain machines to verify health. However, it's possible a user doesn't get the agent or connects with a non-domain device. We want them to still get access if they're healthy.
We currently have CPPM configured to recognize health, if healthy then VLAN 104, if quarantined then VLAN 444, if unknown VLAN 104 w/ redirect ACL. When we have an unknown client (even with OnGuard agent installed), we see the initial authentication (unknown health), then the health check appears to take place and sees them as healthy, but we never have a re-authentication. Normally I would say it's a COA issue, but COA works when we manually try it or disable the redirect ACL. It appears that OnGuard completes all connections except the control channel communication, which points me toward the port 25427 for backend communication, but not sure if it's the root issue. Again, this works flawlessly without the redirect ACL.
Anybody have any ideas?
Thanks.