What is the best practice for integrated UAG configuration?

Key

Description

Value

Recommend Value

Connectivity Check Interval

Check if the compliance server (OPSWAT) is available

  • Valid values (in minutes) - 1 to 120

  • Default value - 0. 0 indicates that the connectivity checks is deactivated.

0

Compliance Check Initial Delay

Delay the first compliance check after users are successfully authenticated

  • Valid values (in minutes ) - 1 to 60

  • Valid values (in seconds) - 5 to 3600

  • Default value - 0. 0 indicates that the compliance check initial delay is deactivated.

  • If using Persistent Clients then the value is 0

  • If using On-demand Clients then the value is 5

Compliance Check Interval

This allows you to configure a periodic time interval at which the Horizon Client sends compliance check request to United Access Gateway during a session

  • Valid values (in minutes) - 5 to 1440

  • Valid values (in seconds) - 30 to 84600

  • Default value - 0. 0 indicates that the compliance check interval is deactivated.

Use the compliance check interval under My OPSWAT Central Management Admin Console \ Settings \ Global \ Device Clients


Compliance Check Fast Interval

This allows you to configure a periodic and frequent time interval at which the Horizon Client sends compliance check requests to Unified Access gateway during a session for an endpoint in specific statuses other than In Compliance. The statuses are:

  • Assessment pending

  • Endpoint unknown

These statuses must be configured as ALLOW.

For example, when the on-demand agent is assessing an endpoint and the device status is either Assessment pending or Endpoint unknown, you can set the time interval to 1 minutes so that the compliance checks are more frequent at the beginning of a session.

  • Valid values (in minutes) - 1 to 1440

  • Valid values (in seconds) - 5 to 84600

  • Default value - 0. 0 indicates that the compliance check fast interval is deactivated.

Recommend values for best security:

  • Value = 0

  • Status Codes: Assessment Pending = disabled

  • Status Codes: Endpoint Unknown = disabled

Recommend values for smooth user experience:

  • Value = 5

  • Status Codes: Assessment Pending = enabled

  • Status Codes: Endpoint Unknown = enabled

Windows On-Demand Agent


  • File Load Type: local

  • Parameters

Recommend values for best security:

  • Parameters: /notrayicon /rempage 1

Recommend values for smooth user experience:

  • Parameters: /rempage 1

MacOS On-Demand Agent


  • File Load Type: local

  • Parameters:

  • Path to Executable:

Recommend values for best security:

  • Parameters: /skip_request_files_permission 1 /rempage 1

  • Path To Executable: <filename>.app/Contents/Resources/opswat-gears-od

Recommend values for smooth user experience:

  • Parameters: /skip_request_files_permission 1 /rempage 1 /trayicon 1

  • Path To Executable: <filename>.app/Contents/Resources/opswat-gears-od

Status Codes

Allow or block the device identified as <compliant> to the configured polices

  • In compliance

  • Not in compliance

  • Out of license usage

  • Assessment pending

  • Endpoint unknown

  • Others

Recommend values for best security:

  • Enable "In compliance"

Recommend values for smooth user experience:

  • Enable "In compliance", "Assessment pending", "Endpoint unknown"