Security

Hello!

Recently I have configured a basic Onguard - Posture policy on our Clearpass to check windows Firewall and some registry state. And it is working fine in general.

But, during on the first WLAN connection of the day the User stucks in UNKOWN(0) posture state and had to rejoin to get in HEALTHY(0). Because the WLAN connection is faster than the Onguard scan, so during the first connection the Posture state is UNKOWN(0) and based on this the client gets the quarantine ACL.

Example log:

What am I missing? How can I configure this to change the client state based on the Posture state change?

Thanks

When using Onguard there is the following dependency:
1. First WLAN dot.1x-Auth - Posture state is UNKOWN, because no status has yet been transmitted by the agent

2. Web-Auth by the agent - posture status is transmitted, a port bounce must occur at this point so that the posture status can be evaluated.

3. Second WLAN dot.1x-Auth - At this point, the dot.1x service must evaluate the posture code. However, it does not see it because the dot1x-wlan service and the web-auth service do not communicate with each other.

The trick is to activate "Use Cached Results" in the Enforcement tab.

Then the dot.1x-Auth service can read the posture code from the endpoint cache. Then everything works as desired.

------------------------------
Regards,

Waldemar
ACCX # 1377, ACEP, ACX - Network Security
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------

Original Message:
Sent: Jun 28, 2024 05:02 AM
From: Razovnyik
Subject: Clearpass Onguard problem