Implementing Infranet Controller Host Checker Policies (Nsm Procedure); Checker - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual
Configuring infranet controllers guide
Hide thumbs
Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01:
- Manual (444 pages) ,
- Administration manual (1026 pages) ,
- Installation manual (244 pages)
Table of Contents
Advertisement
NSM Infranet Controller Configuration Guide
Related
Documentation
Implementing Infranet Controller Host Checker Policies (NSM Procedure)
Restricting Infranet Controller and Resource Access Through Host Checker
172
If Host Checker returns a different status during a periodic evaluation, the new status
can change the assigned roles. The Infranet Controller then pushes the role and policy
information to the Infranet Enforcer and Odyssey Access Client, which could prevent
the user from accessing the protected resource.
With either a success or failure, Odyssey Access Client or Host Checker remains on the
client. Windows users can manually uninstall Odyssey Access Client from the control
panel.
If you enable client-side logging through the Infranet Controller, then the directory where
Odyssey Access Client is installed contains a log file, which the Infranet Controller appends
each time Odyssey Access Client or Host Checker runs.
You may specify that the Infranet Controller evaluate your Host Checker policies only
when the user first tries to access the realm or role that references the Host Checker
policy. Or, you may specify that the Infranet Controller periodically reevaluate the policies
throughout the user's session. If you choose to periodically evaluate Host Checker policies,
the Infranet Controller dynamically maps users to roles and instructs the Infranet Enforcer
or Odyssey Access Client to allow users access to new resources based on the most
recent evaluation.
Use a Host Checker restriction to require client machines to meet the specified Host
Checker policies to access an Infranet Controller sign-in page or be mapped to a role.
Implementing Infranet Controller Host Checker Policies (NSM Procedure) on page 172
Remediating Infranet Controller Host Checker Policies on page 174
Implementing Infranet Controller Host Checker policies involves:
Restricting Infranet Controller and Resource Access Through Host Checker on page 172
Configuring Host Checker Restrictions on page 173
After you create global policies, you can restrict Infranet Controller and resource access
through the Host Checker in a policy or role:
Realm authentication policy—When administrators or users try to sign in to the Infranet
Controller, the Infranet Controller evaluates the specified realm's authentication policy
to determine if the preauthentication requirements include Host Checker. You can
configure a realm authentication policy to download Host Checker, launch Host Checker,
and enforce Host Checker policies specified for the realm, or not require Host Checker.
The user must sign in using a computer that adheres to the Host Checker requirements
specified for the realm. If the user's computer does not meet the requirements, then the
Infranet Controller denies access to the user unless you configure remediation actions
to help the user bring his computer into compliance.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
