Reset Search
 

 

Article

KB9628 - How to verify that a Host Checker policy is enforced correctly

« Go Back

Information

 
Last Modified Date8/2/2015 10:05 PM
Synopsis
This article outlines how to verify that a Host Checker policy is enforced correctly during the sign-in process.
Problem or Goal

This article provides instructions on what to check when Host Checker finds a machine to be compliant when it should have failed.  

Cause
Solution
The Host Checker process contains two parts when performing a check.   
  1. The first part is the initial check of the end users machine or the evaluation.  As the user browses to the sign-in page, the initial check runs and checks the end users machine.  This check happens before the end user ever sees the sign-in page. 
  2. The second part is the Requirement and/or Enforcement of the policy.  During a users sign-in process, there are two places that a Host Checker policy can be required.  One is at the Realm level and one is at the Role level. 
  • The Realm level requirement can also be called a Pre-Authentication requirement, because it occurs before the user is prompted for authentication or before the sign-in page presents the user with the login fields.
  • The Role level requirement can also be called a Post-Authentication requirement, because Host Checker runs its check after the user is authenticated and during the role-mapping phase.
Note:  If using Secure Virtual Workspace (SVW) you must enforce the SVW policy at the Realm level as this type of policy requires that the end user be in the Secure Virtual Workspace to be able to login.

To verify that the policy is enforced correctly (either at the realm or role based on how you when you want the restriction enforced) login to the Pulse Connect Secure gateway as an administrator. 

To check for Realm level enforcement:
  • Navigate to Realms > [name of realm]  > Authentication Policy > Host Checker 

    realm
 
  • This will display all the Available Policies, along with check box columns for Evaluate Policies and Require and Enforce

    columns

    The two columns correspond to the two parts of the Host Checker process.  The first column must be checked for any policy that needs to be evaluated, regardless if the policy is required at the Realm or at the Role.  The second column, Require and Enforce, defines which policies will be required at the Realm.

To check for Role level enforcement:
  • Navigate to Roles > <name of role> > General > Restrictions > Host Checker

    role
 
  • The Host Checker role requirement page is displayed:

    role requirement

    The radio buttons at the top of the page determine whether or not a host checker policy is required to be mapped to the selected role. 

    To enforce a policy at the role level, the second radio button must be selected "Allow users whose workstations meet the requirements specified by these host checker policies".  In addition, the policy must be included in the Selected Policies section (see "trent policy" in the example above). 
 
  • At the bottom of the page, there is an option to allow access to the role if any one of the policies passes.

    access 

    This option is used when more than one policy is selected and users must pass at least one of the required policies to be allowed access to the role.
 
  • Note: to require/enforce a policy at the role level, you must also evaluate the policy at the realm level.  For more information on evaluating the policy at the realm level, see the section above on realm level enforcement.
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255