For host remediation, should we allow access to a particular destination, or is it accessible by default?
Traffic policies are applied after a host passes posture assessment and remediation, to limit network access?
Correct on your first question. In the temporary role you will have to allow access to the remediation resources (AV servers, WU servers, etc.).
For the second question, you can apply those access lists on the end role in which the user will be placed. For example, if your user ends up in the Staff role, then you can define the traffic patterns that are allowed for the Staff role, and the user would be allowed access only to those sites which you allow in that role.