Security

Reply
New Contributor
Posts: 2
Registered: ‎03-19-2016

clearpass - Policy cache timeout

I would like to understand how Policy cahce timeout in server parameters play.

 

I want to implement in such a way that , only whenever there is a change in clearpass onguard posture status , webauth should be sent.

If i set policy cache timeoue value to 24 hours , client get healthy enforcement profile  and endpoint will be updated with policycaceh for 24hours.

Now my question is suppose , during an active session , health status become quarantine or unknown . will the client trigger another web auth session to get quarantine enforce profile ?

 

eventually i want to achieve only whenever there is a change in clearpass onguard posture status , webauth should be sent. Means, if a user authenticated in the morning, unless there is a posture change, reauthentication shouldnot occur.

MVP
Posts: 4,016
Registered: ‎07-20-2011

Re: clearpass - Policy cache timeout

Now my question is suppose , during an active session , health status become quarantine or unknown . will the client trigger another web auth session to get quarantine enforce profile ?
Yes

The agent backend service should be able to detect the change and send a posture status to CPPM


Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor
Posts: 2
Registered: ‎03-19-2016

Re: clearpass - Policy cache timeout

Thank you!

 

can i have more clarification. what will happen if i set policy cache vlaue to 5 mins and policy cache value to 12 hours ?

 

what  this timeout value actually does ?


Victor Fabian wrote:
Now my question is suppose , during an active session , health status become quarantine or unknown . will the client trigger another web auth session to get quarantine enforce profile ?
Yes

The agent backend service should be able to detect the change and send a posture status to CPPM


Sent from Outlook for iPhone

Victor Fabian wrote:
Now my question is suppose , during an active session , health status become quarantine or unknown . will the client trigger another web auth session to get quarantine enforce profile ?
Yes

The agent backend service should be able to detect the change and send a posture status to CPPM


Sent from Outlook for iPhone



MVP
Posts: 4,016
Registered: ‎07-20-2011

Re: clearpass - Policy cache timeout

can i have more clarification. what will happen if i set policy cache vlaue to 5 mins and policy cache value to 12 hours ?

what this timeout value actually does ?

If a device obtained a healthy posture and got access to the network then In a roaming event (if the agent communication with server is uninterrupted ) the device will be able to rejoin the network without having to run a health check again and get bounce or CoA (using the cache posture for 12 hours)

Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: