1.4.1Health State "Untrusted"

As soon as the identity match is finished and the client's identity can not be validated, the health state changes to "Untrusted". Untrusted does not necessarily mean that the client may be a guest client but only that the Access Control Service can not determine the client's identity. Nevertheless the configuration parameter Access Control Service Trustzone > Settings > No Rule Exception allows to assign a set of client attributes.

1.4.2Health State "Probation"

If the health match fails the client is said to be in probation. It still receives a cookie containing the unhealthy assessment as well as the detailed outcome of the health matching procedure. From here on the client software may take appropriate action and try to self-remedy the situation, for example by starting the AV scanner. In any case, the user will be informed of the current state of his or her system by an appropriate message.

After the client has performed the requested actions it reconnects to the Access Control Service again. Should the client be successful to self remedy the situation the Access Control service verifies the health conditions again and changes the client health state to "healthy" if the client complies to the assigned health policy from now on.

Should the client fail to self remedy the situation or does not reconnect in a reasonable amount of time, its status changes to unhealthy and the quarantine rules are enabled.

A client will never be in state "probation" for more than one connect cycle (see flowchart above). If the client does not respond within the configurable "Health Sate Probation time" (Access Control Service Settings > System Health-Validator > General) the Access Control Service automatically changes the client's health state to "Unhealthy".

1.4.3Health State "Healthy"

Depending on the configuration the health policy could require an up-to-date Barracuda NG Personal Firewall installed and enabled or a running Antivirus software including up-to-date AV patterns. A list of available Health State requirements is available below.

Should all required criteria match, the client is deemed healthy and receives a signed cookie listing the applicable policy attributes. This signed cookie may be further used to authenticate against external trust zones.

1.4.4Health State "Unhealthy"

Last but not least a client may not comply to the company's health policy. As described in the section Health State 'Probation' (see 1.4.2 Health State "Probation", page 13) the client will get the possibility to perform actions (either manual or automated) to to fulfil all health requirements before being put into quarantine.

13 Barracuda NG Network Access Client - Administrator’s Guide

Page 15
Image 15
Barracuda Networks VERSION SP4 manual Health State Untrusted, Health State Probation, Health State Healthy