This section describes a basic OnGuard deployment using the persistent agent to provide posture checks on centrally managed Windows devices that are connected via Ethernet to an ArubaOS switch.

For detailed information about the OnGuard health checks for Windows, macOS, and Linux, refer to "Configuring Posture Policy Agents and Hosts" in Chapter 6, "Posture Policies and Audit Servers" in the Policy Manager 6.11 User Guide.

This section contains the following information:

Policy Manager provides several methods for assessing the health posture of clients requesting access: OnGuard Agents, NAP (Network Access Protection). The NAP feature in the Windows Server allows network administrators to define specific levels of network access based on identity, groups, and policy compliance. The NAP Agent is a service that collects and manages health information for NAP client computers. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access. All of these methods return posture tokens (for example, Healthy, Quarantine) that Policy Manager uses to provide input into enforcement policies. One or more of these posture methods can be associated with a service.

Policy Manager OnGuard performs advanced endpoint posture assessments by running checks on the endpoints that are attempting to gain access to the network. You can use information provided by the OnGuard agent about endpoint integrity (such as status of antivirus, firewall, and peer-to-peer applications) to enhance authorization policies. Automatic remediation services are also available for noncompliant devices.

Both the persistent and dissolvable agents cache the health results in the Endpoint Database. The latest health posture token can be used by Policy Manager services. The persistent and dissolvable agents perform the same health checks, but auto-remediation is only available with the persistent agent.

Depending on the operating system where OnGuard is installed, there are multiple health checks that can be performed by the OnGuard agent. Some health checks are not applicable on all operating systems. For example, when the macOS operating system is selected, the available health checks do not include "Windows Hotfixes" or "Registry Keys" as possible checks for OnGuard to perform.

The following Policy Manager components must be configured to configure OnGuard:

1.
Define the posture policy (see Defining the Posture Policy below).
3.

ArubaOS switch configuration

ClearPass Configuration

This section describes the Policy Manager configuration required for configuring OnGuard authentication.

Defining the Posture Policy

Before you configure the posture policy, determine the following elements:

- Which end systems the OnGuard agents will be installed on
- What health checks need to be performed on the end system(s)
- What results will be required to return a Healthy Token

These decisions will be the basis for the Policy Manager posture policy that you will configure later in this chapter (see Configuring Posture Policies).

Policy Manager shares a distributed cache of run-time states across all nodes in a cluster. These run-time states:

- Connection status of all endpoints running OnGuard
- Endpoint details gathered by OnGuard Agent

Policy Manager uses this run-time state information to make policy decisions

In a deployment where a cluster spans WAN (Wide Area Network)
Geographic zones, it is not necessary to share all of this run-time
For example, when endpoints present in one geographical area are not likely