OnGuard with MAC Auth Service
a week ago
I am hoping this is an easy one, but I couldn't find any documentation on this. Can posture tokens be used to determine enforcement during a MAC authentication? I have OnGuard configured and it is reporting HEALTHY tokens back to CPPM on the WebAuth OnGuard service, but when that same client hits the MAC auth, their posture is showing as UNKNOWN. I do have the box checked in the enforcement policy to use cached roles and attributes.
Re: OnGuard with MAC Auth Service
It definitely works. I just tested this in my lab for a wireless MAC Auth.
The Enforcment Policy to use is Tips:Posture EQUALS HEALTHY --> Assign a role.
You can also use a COA where you send a role instead of a disconnect in the WEBAUTH itself which is a much better flow and user experience.