Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
584
Views
0
Helpful
1
Replies

posture during PSN failover

Go to solution
davguti2@cisco.com
Cisco Employee
Cisco Employee

‎07-09-2019 01:38 PM

PSN's are load balanced behind an F5.  When a PSN failover occur's the new PSN initiates new authentication session and a new redirect ACL is sent to the switch.  However, the endpoint posture module never initiates new posture assessment.  The endpoint still shows it self as compliant, but redirect ACL on the switch blocks traffic.

How do you get the posture reassess the endpoint in this scenario?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
chyps
Level 1
Level 1

‎07-11-2019 07:57 PM

Make sure all PSNs in LB cluster are part of some node group. There is a designated "master" that will initiate CoA in event that another PSN in node group had a session in URL-redirect pending state. This should ensure that new session established using new redirect ACL appropriate to current PSN.  

View solution in original post

0 Helpful
1 Reply 1

Go to solution
chyps
Level 1
Level 1

‎07-11-2019 07:57 PM

Make sure all PSNs in LB cluster are part of some node group. There is a designated "master" that will initiate CoA in event that another PSN in node group had a session in URL-redirect pending state. This should ensure that new session established using new redirect ACL appropriate to current PSN.  

0 Helpful
Customers Also Viewed These Support Documents