We have a requirement to make host checker see if a computer object has been disabled on AD, and therefore should not be allowed to sign in to VPN. Can you please provide some suggestions on how I can get this working? If host checker cannot do this, is there perhaps another way?
We can accomplish this by configuring host checker policies for Predefined Rule: OS Checks and selecting what OS and minimum service packs can be allowed.
Host checker cannot do this as the HC is run on the end point and not on the AD server.
The Junos Pulse client has machine logon options; please refer to the admin guide in 7.2 and above.
When you boot up the machine, machine logon will happen and establish the VPN tunnel via the Pulse client, so if the computer object is disabled, the machine logon via Pulse will fail.
The restriction is that with an SA/MAG box, the machine logon will not work for Windows 2008 R2 servers and above, though there are plans to support the same in future releases.
Thank you for the response...ok, coming at it another way, could we restrict based on OS version? So can HC see that the computer connecting has Windows XP SP3 (for example), then it won't let it in?