Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

301

302

303

304

305

306

307

308

309

310

306 | Enforcement Dell Networking W-ClearPass Policy Manager 6.5 | User Guide

The following table describes the Agent Enforcement - Attributes tab parameters:

Attribute Parameter

Attribute Name Select one of the following attribute names:

l Bounce Client - Set the value to true by checking the box to terminate the network

connection.

l Message - Enter the message that needs to be notified on the endpoint.

l Enable to hide Retry button - Set the value to true to hide the Retry button in the

OnGuard Agent.

l Enable to hide Logout button - Set the value to true to hide the Logout button in the

OnGuard Agent.

l Health Check Interval (in hours) - Specify the health check interval value in hours for

different Agent Enforcement Profiles for different users. The allowed range is of 0 – 1000

hours. For example, you can create Student-Enforcement-Profile with a value of 8 hours and

Staff-Enforcement-Profile with a value of 48 hours. The value configured in the Health

Check Quiet Period (in hours) field in the Agent Enforcement Attribute tab takes

precedence over the value configured in the Global Agent Settings field. If both the values

are configured, then the Agent Enforcement Attribute value is used by OnGuard Agent.

The value of the Policy result cache timeout (path: Administration > Server Manager >

Server Configuration > Cluster-Wide Parameters > General tab) field must be greater than

the highest value of all the Health Check Interval (in hours) field values. For example, if

you have created the profiles Student-Enforcement-Profile and Staff-Enforcement-Profile

with health check interval configured, then the value of the Policy result cache timeout

field must be greater than the highest value of Health Check Quiet Period (in hours)

configured in the following fields:

n Global Agent Settings

n Student-Enforcement-Profile

n Staff-Enforcement-Profile

Note the following information when you set the OnGuard Health Check Interval

parameter:

n You can set this parameter if OnGuard mode is set to health only.

n This parameter is valid only for wired and wireless interface types.

n This parameter is not applicable for the OnGuard Dissolvable Agent, VPN, and other

interface types.

l Session Timeout (in seconds) - Configure the agent session timeout interval to re-

evaluate the system health again. OnGuard triggers auto-remediation using this value to

enable or disable AV-RTP status check on endpoint. Agent re-authentication is determined

based on session-time out value. You can specify the session timeout interval from 60 – 600

seconds. Setting the lower value for session timeout interval results numerous

authentication requests in Access Tracker page. The default value is 0.

Attribute Value Set the value depends on the selected Attribute Name.

Table 164:

Agent Enforcement - Attributes Tab Parameters