Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

[Host Checker] Using Patch Assessment & OS Check at the same time

Tib_
Occasional Contributor
‎02-04-2011 06:05:AM
‎02-04-2011 06:05:AM

[Host Checker] Using Patch Assessment & OS Check at the same time

Hi,

We're running an SA platform using IVE OS 6.5. Right now we're using Host Checker to check several things, and among them are OS Check and Patch Assessment.

Right now our configuration is quite simple, we have 2 rules:

- OSCheck: It allows only a few version of Windows (XPSP2, 2000SP4, VISTASP1, etc...)

- PatchCheck: It allows only computers with the specified patches installed on the system.

Now the question is as follow:

Let's say there is a patch that exists only for Windows Vista, and that we add it to the rule PatchCheck. If there is a user on Windows XP (who can't possibly have this patch on its computer) who wants to connect to the SA, is he going to be denied ? Or is the Host Checker going to do a "smart" check on the computer ? (meaning that the Juniper knows this patch can't be present on a XP client, and therefore will allow the computer).

Thanks for your advices.

Regards,

TIb

0 Kudos
Reply
4 REPLIES 4
henke_
Occasional Contributor
‎02-04-2011 08:11:AM
‎02-04-2011 08:11:AM

Re: [Host Checker] Using Patch Assessment & OS Check at the same time

Hello,

Perhaps you could use a Custom 'Require' for the rules within the Host Checker policy instaed of 'All of the above rules' or 'Any of the above rules'.

Say you have your Host Checker policy containing 4 rules:
OSCheck-XP
PatchCheck-XP
OSCheck-Vista
PatchCheck-Vista

You could, in theory, have a custom rule requirement as
(OSCheck-XP AND PatchCheck-XP) OR (OSCheck-Vista AND PatchCheck-Vista)

I have never tried it so in theory...

Henrik.

0 Kudos
Reply
Tib_
Occasional Contributor
‎02-07-2011 08:26:AM
‎02-07-2011 08:26:AM

Re: [Host Checker] Using Patch Assessment & OS Check at the same time

Hi,

Thanks for replying. However your response is assuming the fact that HC is just doing a basic check of the patches without worrying about the user's OS. Is this really the case ?

Tib

0 Kudos
Reply
henke_
Occasional Contributor
‎02-08-2011 02:34:AM
‎02-08-2011 02:34:AM

Re: [Host Checker] Using Patch Assessment & OS Check at the same time

By using the logical statements in the custom require, you should be able to 'link' the OS check to the specific patch check you're interrested in for that OS.

(OS_Check_XP AND Patch_Check_XP)
OR
(OS_Check_Vista AND Patch_Check_Vista)

The 'Patch_Check_XP' (or Vista) could then check for a set of specific patches.

I added a little screen that might show what I mean.

Again, I have not tried this but in theory it should work...

Henrik.

0 Kudos
Reply
Tib_
Occasional Contributor
‎02-10-2011 02:25:AM
‎02-10-2011 02:25:AM

Re: [Host Checker] Using Patch Assessment & OS Check at the same time

Thanks for the effort but that's not really the question

I've been running some test on a lab I made, it seems that HC is doing a smartcheck. Meaning that if I'm running XP, it won't force any patch related to other OS. I need to do some more test to confirm this behaviour, but it's the working behaviour, this simplify a lot the configuration.

0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.