Nortel Networks 2300 Switch User Manual


 
604 Configuring SODA endpoint security for a WSS
NN47250-500 (320657-F Version 02.01)
Specifying a remediation ACL
If the SODA agent checks fail on a client, the client is disconnected from the network by default. Optionally, you can
specify a failure page for the client to load (with the set service-profile soda failure-page command, described above).
You can also specify a remediation ACL to apply to the client when the failure page is loaded, for example to grant the
client limited access to network resources.
To specify a remediation ACL to be applied to a client if it fails the checks performed by the SODA agent, use the
following command:
set service-profile name soda remediation-acl acl-name
To disable use of the remediation ACL for the service profile, use the following command:
clear service-profile name soda remediation-acl
The acl-name refers to an existing security ACL. If there is no remediation ACL configured for the service profile, then
the client is disconnected from the network when the failure page is loaded.
If configured, a remediation ACL is applied to a client when the client loads the failure page. A client loads the failure
page only if the service profile is set to enforce SODA agent checks, and the client fails the SODA agent checks.
Consequently, in order to apply a remediation ACL to a client, you must make sure the service profile is set to enforce
SODA agent checks.
For example, the following command configures the WSS to apply acl-1 to a client when it loads the failure page:
WSS# set service-profile sp1 soda remediation-acl acl-1
success: change accepted.