You can use role-mapping to assign different roles for MAC and Windows users authenticating against the same realm and on the Windows role you can enable the Host Checker which would check for the AV software status. At the Realm level you can use a HC that detects Windows OS, so all clients passing this can be mapped using Custom Expression in the Role Mapping to the Windows Role. To detect MAC clients, you can use either a HC policy that checks for a specific port, process or file on the MAC or test the User-Agent string sent by the browser (which could be faked by Windows users attempting to by-pass the restriction on Windows users to have an up-to-date AV.) and use those results in the Role Mapping for MAC users. See the HC Guide for more details on configuring Host Checker.
... View more
Hello team: My SSL concentrators are configured as an Active/Passive cluster. I turned on a sniffer to trace a session from the concentrator (the internal interface) to internal web resources, and found that the Active concentrator innitiates sessions with its real IP instead of the internal VIP. ¿Is this normal behavior? I want to be sure, since I have to configure policies in the firewall located between the SSL concentrator and the internal resources. Your kind answers will be greatly appreciated. Best regards, Rogelio
... View more