Remediating Infranet Controller Host Checker Policies - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual

Configuring infranet controllers guide

Hide thumbs Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01:

Manual (444 pages)

Administration manual (1026 pages)

Installation manual (244 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

Table of Contents

NSM Infranet Controller Configuration Guide

Documentation

Remediating Infranet Controller Host Checker Policies

174

Specify global Host Checker restrictions. See "Creating Infranet Controller Global Host

Checker Policies (NSM Procedure)."

If you want to implement Host Checker at the realm level and role level, see

"Configuring Infranet Controller Host Checker Access Restrictions (NSM Procedure)."

If you want to create role-mapping rules based on a user's Host Checker status, see

"Configuring Role Mapping Rules (NSM Procedure)."

Remediating Infranet Controller Host Checker Policies on page 174

Executing Host Checker Policies on page 170

You can specify general remediation actions that you want Host Checker to take if an

endpoint does not meet the requirements of a policy. For example, you can display a

remediation page to the user that contains specific instructions and links to resources

to help the user bring their endpoint into compliance with Host Checker policy

requirements.

You can also choose to include a message to users (called a reason string) that is returned

by Host Checker or an integrity measurement verifier (IMV) that explains why the client

machine does not meet the Host Checker policy requirements.

General Host Checker Remediation User Experience

Users may see the remediation page in the following situations:

Before the user signs in:

If you enable custom instructions or reason strings for a policy that fails, the Infranet

Controller displays the remediation page to the user. The user has two choices:

Take the appropriate actions to make his computer conform to the policy and

then click the Try Again button on the remediation page. Host Checker checks the

user's computer again for compliance with the policy.

Leave his computer in its current state and click the Continue button to sign in to

the Infranet Controller. He cannot access the realm, role, or resource that requires

compliance with the failed policy.

NOTE: If you do not configure the Infranet Controller with at least one

realm that allows access without enforcing a Host Checker policy, the

user must bring his computer into compliance before signing into the

Infranet Controller.

If you do not enable custom instructions or reason strings for a policy that fails, Host

Checker does not display the remediation page to the user. Instead, a message

appears telling the user that no additional information has been provided and to

Table of Contents

Remediating Infranet Controller Host Checker Policies - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual

Remediating Infranet Controller Host Checker Policies

Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01

Related Content for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01

Table of Contents