Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Host checker processing applying policy to group even though the policy isnt checked

miked_
Contributor
‎07-26-2011 08:00:AM
‎07-26-2011 08:00:AM

Host checker processing applying policy to group even though the policy isnt checked

Wehave several realm level HC policies, most for end users but one for IT which is different than those of end users. At the top level of the realm HC is set to eval all of the policies which is how it is supposed to be setup, and then at the user group for IT we have just the HC policy that applies to IT set as a enforce.

In the role mapping, we have the IT group listed and then set to STOP processing rules. However we see that HC is applying and enforcing a role ontot he IT group that doesnt even apply. Any ideas?

0 Kudos
3 REPLIES 3
zanyterp_
Respected Contributor
‎11-19-2007 08:40:AM
‎11-19-2007 08:40:AM

Re: Host checker processing applying policy to group even though the policy isnt checked

When you refer to a role being applied that is not for the IT group, do you mean users are mapping unexpectedly to a role OR that Host Checker is running ALL policies for all users on the realm?

If the latter, this is correct: Host Checker must evaluate for all connections, there is no "stopping" the evaluation process.

For the role mapping, do you have the IT role as the first evaluation and then a stop?

0 Kudos
Kristof_
Contributor
‎06-17-2011 12:07:PM
‎06-17-2011 12:07:PM

Re: Host checker processing applying policy to group even though the policy isnt checked

Hello Mike,

Please note that HC is just a tool that is checking your client for several configurations to be in place :

- if you have the right AV

- if your part of a domain and so on

...

At realm level you can set them to evaluate but the purpose of this is to later use the results this host checker evalutions (wether they are successful or not does not matter)  for either :

- role mapping (via custom expressions)

- restrictions on getting a role are not

- restrictions to a specific resource.

I hope this helps.

Kristof


0 Kudos
VVJ_
Contributor
‎07-26-2011 08:31:AM
‎07-26-2011 08:31:AM

Re: Host checker processing applying policy to group even though the policy isnt checked

A policy trace should tell us the exact HC policies and roles that are being applied. I believe it should help atleast narrow down the issue.

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.