07-09-2019 01:38 PM
PSN's are load balanced behind an F5. When a PSN failover occur's the new PSN initiates new authentication session and a new redirect ACL is sent to the switch. However, the endpoint posture module never initiates new posture assessment. The endpoint still shows it self as compliant, but redirect ACL on the switch blocks traffic.
How do you get the posture reassess the endpoint in this scenario?
Solved! Go to Solution.
07-11-2019 07:57 PM
Make sure all PSNs in LB cluster are part of some node group. There is a designated "master" that will initiate CoA in event that another PSN in node group had a session in URL-redirect pending state. This should ensure that new session established using new redirect ACL appropriate to current PSN.
07-11-2019 07:57 PM
Make sure all PSNs in LB cluster are part of some node group. There is a designated "master" that will initiate CoA in event that another PSN in node group had a session in URL-redirect pending state. This should ensure that new session established using new redirect ACL appropriate to current PSN.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide