NAC Timers

hany_ibrahim · ‎02-12-2010

the default session timeout timers for NAC is :

Role Session timeout

unauthenticated Role Disabled

Temporary Role 4

Quarantine Role 4

what is the ordering of applying these roles and timers once the user try to login to the PC ?

-before authentication

-after authentication & PC meets security requirements

-after authentication & PC doesn't meets security requirements

&

Faisal Sehbai · ‎02-12-2010

Hany,

The only timer to worry about is the Temporary Role one. That is used if you're using the agent, and are missing some requirements. This time is allowed for you to remediate (by default 4 minutes) Generally customers increase that so the clients can get remediated.

The quarantine timer only applies if you're using nessus scanning, and the unauthenticated timer only for the unauthenticated role.

HTH,

Faisal

hany_ibrahim · ‎02-13-2010

OK , but what about the ordering of excution as i listed ?

Faisal Sehbai · ‎02-13-2010

Hany,

The order is the same as you listed. When PC is unauthenticated, the unauthenticated timers apply. When it's doing posture and remediation the Temporary role timers apply. If you're doing Nessus scanning, then the Quarantine timers apply.

HTH,

Faisal