I have a query about UAC. I have two roles: one is "Users-Trust" and the second is "Users-Wireless". The Users-Trust role is for users who connect via network cable using Junos Pulse. The User-Wireless role is for users who connect via wifi devices, and the role is configured as Agentless.
The users with the Users-Trust role have a resource access policy that allows everything, and I control their access on the SRX firewall on the basis of their source IP addresses. However, I configured the resource access policies for wifi users to deny all corporate network access and allow only direct internet access with cap portal.
Now the issue is that when a user connects on cable he gets the role "Users-Trust" and starts using network resources. Later the user disconnects the cable and connects to wifi, and as his session remains on UAC he starts using the same session with the new IP address (wifi DHCP IP) and starts using the resources allowed only to specific wifi users. I also configured role mapping policies for the User-Wireless role to allow this role only for specific users and not for everyone.
As I understand it, when the user switches to wifi his source IP changes but his session still exists on the device. UAC will not check the user's credentials/roles, and he starts using the same session with the new IP address.
I do not want to allow a user to use the same session on UAC when his IP address changes.
Can anyone help me?