
Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

OnGuard - Cached Results - Catch22


    Posted Jan 21, 2022 09:09 AM
    Looking for advice on how to integrate health checks with what I use as a standard 802.1X policy for a Windows domain environment. What I call standard is looking for the Machine Auth condition before allowing access to the network. This works fine until I combine it with health. Once I tick the "Used cached roles and posture from previous sessions", the Machine Auth condition (#2 in my example) will not get hit if a user logs onto a computer (which caches the "User Authenticated" role) and then logs off or reboots within the health cache timeframe. So when they log off, the computer performs its Machine Authentication but will match condition #1 in my example, as the "User Authenticated" role is still cached and valid.

    Maybe this is really a non-issue, as this would not happen too often, but it is a realistic scenario. We are also looking at extending the default 5 minute cache for other reasons, which would exacerbate this behavior.

    Thoughts on what others do? 

    Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador