CPPM OnGuard thru Wired
03-06-2018 02:53 PM
im simulating CPPM OnGuard in my lab, my objective is do Health Check on endpoints without placing them on a lobby/quarantine vlan since workstations are in static I.P. im replicating client's network environment.
is it possible to enforce "initial role"when PCs health status is non compliant/unknown and have only limited access? still on same vlan then enforce "full access" once status is healthy?again without changing vlan.
Re: CPPM OnGuard thru Wired
03-08-2018 02:11 AM
You can use the Posture status to return the appropriate role (or ACLs) if the status is UNKNOWN.
Please very carefully test what access you need in that posture unknown state as applications can be starting up already and may throw errors if they can't reach their servers before Onguard has made the posture check, posted results and access has been restored.
For that reason, some customers decide to consider clients healthy untill they get an infected (or other status) message. Limit on UNKNOWN is the most secure of course.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).