We enabled airwatch to dump data to our clearpass server but wanted to block access to devices that haven't checked in to the airwatch server within 5 days. We are using the Endpoint:Last Check In variable
We have the timesource setup as:
SELECT (EXTRACT (EPOCH FROM NOW() - interval '5 days'))::int AS Minus5Days;
and the service set to:
(Endpoint:Last Check In GREATER_THAN %{Authorization:[Time Source]:Minus5Days}) with a role that sets it to fail
I think we might have messed up the extract command but we can't figure it out.
anyone have any ideas?