What is the best practice for integrated UAG configuration?

Key | Description | Value | Recommended Value
Connectivity Check Interval

Check if the compliance server (OPSWAT) is available.

  • Valid values (in minutes) - 1 to 120
  • Default value - 0. 0 indicates that the connectivity check is deactivated.
0

Compliance Check Initial Delay

Delay the first compliance check after users are successfully authenticated.

  • Valid values (in minutes) - 1 to 60
  • Valid values (in seconds) - 5 to 3600
  • Default value - 0. 0 indicates that the compliance check initial delay is deactivated.
  • If using Persistent Clients then the value is 0
  • If using On-demand Clients then the value is 5

Compliance Check Interval

This allows you to configure a periodic time interval at which the Horizon Client sends compliance check requests to Unified Access Gateway during a session.

  • Valid values (in minutes) - 5 to 1440
  • Valid values (in seconds) - 30 to 84600
  • Default value - 0. 0 indicates that the compliance check interval is deactivated.

Use the compliance check interval configured under My OPSWAT Central Management Admin Console \ Settings \ Global \ Device Clients.

Compliance Check Fast Interval

This allows you to configure a periodic and frequent time interval at which the Horizon Client sends compliance check requests to Unified Access Gateway during a session for an endpoint in specific statuses other than In Compliance. The statuses are:

  • Assessment pending
  • Endpoint unknown

These statuses must be configured as ALLOW.

For example, when the on-demand agent is assessing an endpoint and the device status is either Assessment pending or Endpoint unknown, you can set the time interval to 1 minute so that the compliance checks are more frequent at the beginning of a session.

  • Valid values (in minutes) - 1 to 1440
  • Valid values (in seconds) - 5 to 84600
  • Default value - 0. 0 indicates that the compliance check fast interval is deactivated.

Recommended values for best security:

  • Value = 0
  • Status Codes: Assessment Pending = disabled
  • Status Codes: Endpoint Unknown = disabled

Recommended values for smooth user experience:

  • Value = 5
  • Status Codes: Assessment Pending = enabled
  • Status Codes: Endpoint Unknown = enabled

Windows On-Demand Agent

  • File Load Type: local
  • Parameters

Recommended values for best security:

  • Parameters: /notrayicon /rempage 1

Recommended values for smooth user experience:

  • Parameters: /rempage 1

macOS On-Demand Agent

  • File Load Type: local
  • Parameters:
  • Path to Executable:

Recommended values for best security:

  • Parameters: /skip_request_files_permission 1 /rempage 1
  • Path To Executable: <filename>.app/Contents/Resources/opswat-gears-od

Recommended values for smooth user experience:

  • Parameters: /skip_request_files_permission 1 /rempage 1 /trayicon 1
  • Path To Executable: <filename>.app/Contents/Resources/opswat-gears-od

Status Codes

Allow or block the device identified as <compliant> to the configured policies.

  • In compliance
  • Not in compliance
  • Out of license usage
  • Assessment pending
  • Endpoint unknown
  • Others

Recommended values for best security:

  • Enable "In compliance"

Recommended values for smooth user experience:

  • Enable "In compliance", "Assessment pending", "Endpoint unknown"
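
The settings above depend on each other: a fast interval only has an effect when the Assessment pending and Endpoint unknown statuses are allowed. The audit below is an added example, not OPSWAT or VMware code; the key names are hypothetical, intervals are assumed to be in seconds, and the two sample settings are constructed from the profiles on this page.

```python
# Added example. Key names are hypothetical, not UAG's real setting names.
# Intervals are assumed to be in seconds; 0 means the setting is deactivated.
RANGES = {                       # valid (min, max) seconds as listed on the page
    "initial_delay_s": (5, 3600),
    "check_interval_s": (30, 84600),
    "fast_interval_s": (5, 84600),
}
TRANSIENT = {"Assessment pending", "Endpoint unknown"}
BEST_ALLOWED = {"In compliance"}


def audit(cfg):
    """Return sorted (severity, message) findings for one settings dict."""
    findings = []
    for key, (lo, hi) in RANGES.items():
        value = cfg.get(key, 0)
        if value != 0 and not lo <= value <= hi:
            findings.append(("error", f"{key}={value} outside {lo}-{hi} s"))
    allowed = set(cfg.get("allowed_statuses", ()))
    fast = cfg.get("fast_interval_s", 0)
    # The fast interval only applies to the transient statuses, and the page
    # requires those statuses to be ALLOW when it is used.
    if fast and not TRANSIENT <= allowed:
        missing = ", ".join(sorted(TRANSIENT - allowed))
        findings.append(("error", f"fast interval set but not allowed: {missing}"))
    if "In compliance" not in allowed:
        findings.append(("error", "compliant devices are not allowed"))
    # Deviations from the best-security profile are reported as warnings.
    for status in sorted(allowed - BEST_ALLOWED):
        findings.append(("warn", f"'{status}' is allowed"))
    if fast:
        findings.append(("warn", "fast interval is not 0"))
    return sorted(findings)


# Constructed sample settings mirroring the two profiles on the page.
BEST_SECURITY = {"initial_delay_s": 0, "fast_interval_s": 0,
                 "allowed_statuses": ["In compliance"]}
SMOOTH_UX = {"initial_delay_s": 5, "fast_interval_s": 5,
             "allowed_statuses": ["In compliance", "Assessment pending",
                                  "Endpoint unknown"]}

if __name__ == "__main__":
    for name, cfg in (("best security", BEST_SECURITY), ("smooth UX", SMOOTH_UX)):
        for severity, message in audit(cfg):
            print(f"{name}: {severity}: {message}")
```

An error marks a value outside the listed range or a combination the page rules out; a warning marks a deliberate trade of security for user experience that should be reviewed.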