Posture status change after 60 seconds

daniel_rs
Level 1

Hello community,

I am configuring posture for macOS. All configuration went fine and we are able to evaluate posture successfully. The problem is that after posture reports a "compliant" state in the live logs, after 60 seconds it goes back to pending. I enabled the rescan button on Secure Client, and if I click it, posture goes to compliant and again after 60 seconds back to pending.

Also check in posture reports that the correct conditions are being evaluated. In this case we are only checking the OS version is 15 for macOS Sequoia. If you could help with any guidance to tshoot it would be great.

Just to mention, when an endpoint matches a policy rule with compliant condition, we apply an authorization profile with VLAN assignment, so users change the IP when posture is successful. Below are some lines we found suspicious in the logs:

Session Events

2025-03-11 17:25:52.822 RADIUS Accounting stop request
2025-03-11 17:24:43.565 IP=A.B.C.D| MAC=AA:BB:CC:DD:EE:FF| AUDITSESID=0A1E1F170003B7075A1DD5BA| AUTHTYPE=DOT1X| POLICY_TYPE=Named ACL| POLICY_NAME=xACSACLx-IP-ACL_Usuarios_Ejemplo-6686ed20| RESULT=SUCCESS
2025-03-11 17:24:43.564 Authorization failed for client (AA:BB:CC:DD:EE:FF) on Interface Fa0/19
2025-03-11 17:24:43.564 Authentication successful for client (AA:BB:CC:DD:EE:FF) on Interface Fa0/19
2025-03-11 17:24:43.498 Authentication succeeded
2025-03-11 17:24:43.174 Dynamic Authorization succeeded
2025-03-11 17:21:29.12 Authorization succeeded for client (AA:BB:CC:DD:EE:FF) on Interface Fa0/19
2025-03-11 17:21:28.126 RADIUS Accounting start request
2025-03-11 17:21:28.091 Authentication successful for client (AA:BB:CC:DD:EE:FF) on Interface Fa0/19
2025-03-11 17:21:28.09 Starting 'dot1x' for client (AA:BB:CC:DD:EE:FF) on Interface Fa0/19
4 Replies

Dustin Anderson
VIP Alumni

Under Administration -> Settings -> Posture -> General Settings,

What do you have set for posture lease? Also may need to see your rules and order. Is the posture compliant rule above the assessment?

Hello,

Yes, the assessment rule is before the last one, and the posture compliant is far above. On General Settings we have the option "Perform posture assessment every time a user connects to the network". With this configuration Windows endpoints work fine, but they do EAP chaining (user + machine authentication). On the other side, macOS only does machine authentication.

Regards

Hi, just to mention... The option "Cache last known posture compliant status" is also enabled.

Dustin Anderson
VIP Alumni

I have not done Mac as they use JAMF here for compliance and I check that instead of the Secure Client. I do use the client on PCs. Since you said PCs work, you may want to see if anything in the compliance rule would not match, sending it back to non-compliant. Also check the MAC address isn't changing, since Apple does love random MAC. Otherwise hopefully someone has some experience with Mac and any quirks to be aware of.