I am a newbee to SSL VPN. Please excuse if this question has already been answered in this forum.
I have enabled Host checker to evaluate the enduser's OS, antivirus etc. Based on the documentation, it appears that there are two stages pre-authentication and post-authentication. How do I enable Host checker for post-authentication only? I do not want Host checker to be enabled for pre-authentication. Please advise.
Currently, irrespective of whether I have host checker enabled at the realm and role levels, host checker performs pre-authentication checks. I would appreciate any help regarding this.
Thanks in advance.
In your user realm, go to the "Authentication policy" tab, then "Host Checker", and set the policy to "Evaluate", unticking "Require and Enforce". The host checker won't launch until successful authentication.
You can then use role restrictions to steer people to roles depending on which host checker policies passed, or use custom expressions to map people into roles depending on the value of the hostCheckerPolicy variable.
Thank you for the information. I managed to create a separate sign-in page which does not load the Host Checker during pre-authentication phase.
When I have multiple realms mapped to the same sign-in page, if I have "Require and Enforce" at least on one realm, it loads host checker during pre-authentication phase for all realms.
I am not well versed with custom expressions yet since I am still getting acquainted to this.