cancel
Showing results for 
Search instead for 
Did you mean: 

SA 2500 and Remediation Page

gleb185_
New Contributor

SA 2500 and Remediation Page

Hi guys,

 

I am trying to configure host check to evaluate policies.

Everything seems to be OK except SA does not show any custom redemiation page when a pc fails to comply with host checker policies.  are anabled under the policy. What can be a problem?

 

Thanks a lot!

 

Gleb.

 

 

10 REPLIES 10
zanyterp_
Respected Contributor

Re: SA 2500 and Remediation Page

+1 to what kita said; apologies for not expanding further previously
Kita_
Valued Contributor

Re: SA 2500 and Remediation Page

Hello Gleb,

I hope you have found a solution, but I did want add to the thread because I believe I understand the issue after responding to another thread.  If you are utilize the custom experience for hostCheckerPolicy to map to a specific role for a pass and fail scenario, this issue would occur.  Since the SA is making the decision for the end user, no remediation page will be displayed.  

I was able to get the remedation page to display if I mapped the user to the same role (both pass and fail).  In the pass role, host checker was required.  In the fail role, host checker was not required.  Since the end user is mapped to both roles, the SA will prompt with the remediation page which will give the end user a chance either to resolve the issue or continue which they will only be mapped to the failing role. 

I hope this helps.

Kita_
Valued Contributor

Re: SA 2500 and Remediation Page

It sounds like you have everything you need.  What appears on the screen when HC fails?  What version of the SA software are you running?

gleb185_
New Contributor

Re: SA 2500 and Remediation Page

Hi Kita,

 

Absolutely nothing a user is forwarded to login page as usual. But in logs I can see that a user fails to comply with a security policy. Hostchecker popuop windows in notification is there. 

 

7.2R8 (build 23551)

 

 

Gleb.

 

Kita_
Valued Contributor

Re: SA 2500 and Remediation Page

I tried replicating the issue in 7.2R8 and could not see the issue.  I did find a previously reported issue with similiar symptoms, but this was under the scenario they were trying to send SSO data to the SA device.  Could you give more details how the SA device is configured and if there are any special circumstances I should be aware of?

gleb185_
New Contributor

Re: SA 2500 and Remediation Page

Hi Kita,

 

Under User Realm - Authentication Policy - Host Checker  I checked Evaluate ALL  Policies

Endpoint Security - Host Checker  I have configured 2 policies for example one is Antivirus Policy

Then under the Antivirus Policy I have created a rule to  check Antivirus existance

A also selected and wrote a custom message.

But this message is not being shown before login screen to users who do not meet the antivirus requirements.

 

If I apply this under User Role not User Real the custome message is displayed but in this case they are not allowed to login as long as their PC do not meet the policy requirements.

 

HTH

 

Thanks

Kita_
Valued Contributor

Re: SA 2500 and Remediation Page

I am not able to replicate this issue in the lab per your description.  Can you please open a JTAC case and provide a copy of your system and user configuration?  This will help speed up the replication process and resolution time.

NAJAM_
Not applicable

Re: SA 2500 and Remediation Page

Yes. Thank you.

zanyterp_
Respected Contributor

Re: SA 2500 and Remediation Page

Yes, this is correct: if you pass ANY of the policies, you will be allowed through without seeing the message.