10-05-2017 08:03 AM
Hi,
Tried to implement 1 day Posture lease time with 4 hours PrA.
If I switch on Reassessment Enforcement, and re-connect a Compliant machine again to net,
it is force a posture check every time.
At ISE posture logs I see a Compliant entry ("Bypass posture since the endpoint is compliant" ),
but immediately afterwards I see a
PRA INFO: PRA is starting
and after this the client preforms a complete re-check.
Why?
Solved! Go to Solution.
10-21-2017 04:34 PM
What you are seeing is expected. Since the initial posture is by-passed due to posture lease, the user will get compliant access right away and then PrA will kick off in place of the initial assessment to start off the timer.
10-05-2017 11:54 AM
Hi.
Please make sure the you have a authz policy with condition that includes session: Agent-request-type = Periodic reassessment.
Periodic reassessment requires machine to be compliant and also choose the appropriate option when configuring Periodic reassessment
from Administration>System>Setting>Posture>Reassessment, choose the enforcement type continue.
Thanks
Krishnan
10-21-2017 04:34 PM
What you are seeing is expected. Since the initial posture is by-passed due to posture lease, the user will get compliant access right away and then PrA will kick off in place of the initial assessment to start off the timer.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: