Cisco Cisco Clean Access 3.5
8-17
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 8 User Management: Traffic Control, Bandwidth, Schedule
Configure Policies for Agent Temporary and Quarantine Roles
Configure Policies for Agent Temporary and Quarantine Roles
This section demonstrates typical traffic policy and session timeout configuration needed to:
•
•
See
for further information.
Configure Clean Access Agent Temporary Role
Users who fail a system check are assigned to the Clean Access Agent Temporary role. This role is
intended to restrict user access to only the resources needed to comply with the Clean Access Agent
requirements.
intended to restrict user access to only the resources needed to comply with the Clean Access Agent
requirements.
Unlike quarantine roles, you cannot have more than one Clean Access Agent Temporary role (Agent
Temp Role) in the system at once. The role can be fully edited, and is intended as single point for
aggregating the traffic control policies that allow users to access required installation files. If the
Temporary role is deleted, the Unauthenticated role is used by default. The name of the role that is used
for the Temporary role (in addition to the version of the Agent) is displayed under Device Management
> Clean Access> Clean Access Agent > Distribution.
Temp Role) in the system at once. The role can be fully edited, and is intended as single point for
aggregating the traffic control policies that allow users to access required installation files. If the
Temporary role is deleted, the Unauthenticated role is used by default. The name of the role that is used
for the Temporary role (in addition to the version of the Agent) is displayed under Device Management
> Clean Access> Clean Access Agent > Distribution.
Both session timeout and traffic policies need to be configured for the Temporary role. The Temporary
role has a default session timeout of 4 minutes, which can be changed as described below. The
Temporary and quarantine roles have default traffic control policies of Block All traffic from the
untrusted to the trusted side. Keep in mind that while you associate requirements (required packages) to
the normal login roles that users attempt to log into, clients will need to meet those requirements while
still in the Temporary role. Therefore, traffic control policies need to be added to the Temporary role to
enable clients to access any required software installation files from the download site(s).
role has a default session timeout of 4 minutes, which can be changed as described below. The
Temporary and quarantine roles have default traffic control policies of Block All traffic from the
untrusted to the trusted side. Keep in mind that while you associate requirements (required packages) to
the normal login roles that users attempt to log into, clients will need to meet those requirements while
still in the Temporary role. Therefore, traffic control policies need to be added to the Temporary role to
enable clients to access any required software installation files from the download site(s).
provides complete details on Clean Access Agent configuration. See
for additional information.
Configure Session Timeout and Traffic Policies for the Temporary Role
1.
Go to User Management > User Roles> Schedule.
2.
The Session Timer list appears.
3.
Click the Edit button (
) for the Temporary Role.