Posture is a highly dynamic state—a device can move from "Healthy" to "Infected" in seconds. Role mapping occurs early in the service processing logic. If posture is evaluated during the role mapping phase, ClearPass may rely on a cached posture token from a previous session. Best practice is to perform posture evaluation within the Enforcement Rules . This ensures that the system checks the most recent "Health" status reported by the OnGuard agent at the exact moment the access decision is being made, preventing a non-compliant device from gaining access based on old data.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit