I'm having a very strange issue with HC on my SA's. About once every two weeks any users attempting to log into the VPN fail their Host Checker policy checks. Pre and post auth checks fail and users are either denied access or have reduced rights / roles because of HC restrictions. We have a mix of anti-virus and custom reg / file / process checks, but it only appears to be the AV checks that fail.
The problem seems to be tied to the AV list that we automatically download from Juniper every 60 minutes. Once the problem begins, as soon as the next AV list XML file is downloaded and imported the issue goes away.
I have two SA6500s configured in an active / passive cluster.
I am running IVE OS ver 6.5 R2 and will be upgrading to 7.1R3 soon.
When this issue occurrs anyone trying to sign into the VPN is treated as though their anti-virus software does not meet compliance. We are basically allowing all AV products and mandating that defs be no more than 10 revisions out. We are not enforcing scans.
So far this issue only happens about once every one or two weeks and when it does, I configure the Host Checker automatic AV list updates to run every 3 minutes and then watch the event logs for the next successful av list download and import. Once I see an import, I test the system and verify that it's working again.
It seems to me that the AV list is being corrupted somehow, but we've already ruled out our proxy server and our IPS by bypassing them both.
If every time the HC users sees the issue only after an incomplete AV defination list download by the SA device, then I suggest you create a JTAC case.
we were running in the problem with 6.5R5. the problem occurs when the active node is not the leader. The virus signature update is performed every time by the leader an we were running several times in the described problem.
The only chance for us is to manually failover the Active Node to that one Node who is also the Leader.
Can you agree the above statement, that the problem only occurss when the active node is not the Leader Node ?
Did you solved the problem with an OS update ?