All Topics » Pulse Policy Secure



Host checker issue


divyaskumar
Contributor (11)
Oct 16, 2014 12:18am

Hi

 

We are doing hostchecking for mcafee antivirus update. The issue thats happening is randomnly a user after restarting or logging off , and on loggin in find out that they are disconnected from the network and in the OAC it shows open and authenticated and gets the proper vlan IP but IC status information area , it shows disconnecting /connecting/terminated and keeps showing that without establishing session with IC and IC ip is showing 0.0.0.0 and compliance information is shown "security policy not met' thoguh the required policy is actually met when checked in the antivirus. But if i just log off again and log in ...it will start working.This happens very randomnly and the same person doesnt face the issue when next time issue is seen.

We have raised issue with JTAC but no results yet and its been long we are trying find out what is happening.There is a remediation VLAN.If the security policy not met , then it does go to remediation vlan but at certain cases the IC keeps showing Disconnecting...but later on after a restart ..it starts working.

 

We are doing host checking at realm and role level.Same policies are kept at both level. I am attaching the screenshots, kindly help me out.

 

We are using SM MAG series 160.This is happeing in windows machines(windows 7 enterperise) .We have rolled out to  10 sites and this starts happening after one one month of finishing rollout.




divyaskumar
Contributor (11)
Oct 22, 2014 3:01am

Any one has any idea??

divyaskumar
Contributor (11)
Oct 22, 2014 3:16am

In the user access logs we have found out that the IC is trying to assign it to to remediation vlan by senting attribute vlan id.But the switch is taking ip from  the production vlan.The switch is a Cisco switch but no issues is seem to happen with the cisco legacy switches.We have given the aaa authorization command required for vlan assignment as per attributes given by the radius. But still session with IC from client keeps disconnecting and the client receives IP from the normal VLan instead of the remediation vlan.

 

Also the host checking is nt working properly. 

 

2014-10-21 07:41:59 - ic - [127.0.0.1] QMAnalshouli(Corporate)[] - Host Checker policy 'Antivirus_Check' failed on host   for user 'QMAnalshouli'. Reason: 'Rule-Mcafee8.7:Anti-Virus software listed in security requirements is not installed.;Rule-Mcafee8.8:McAfee VirusScan Enterprise 8.8.0.1247 does not comply with policy. Compliance requires real time protection enabled.'

 

It checks for feature not configured in the policy as you can see here , we haven't enabled real time protection but still in the logs we can see its checking and also the Client machine is update and have latest mcafee but still, host checking fails .

 

This happens randomnly for random users when the user restarts or loggs off but once i connect and disconnect the odyssey, it starts working properly. We cant even replicate the issue to check why the issue is occuring.