Web-based Health Check Only Service

This type of service is the same as the Web-based Authentication service except that there is no authentication performed; only health check are performed.

The internal service rule Connection:Protocol EQUALS WebAuth categorizes requests into this type of service.

The external service rule Host:CheckType EQUALS Health is automatically added when you select this type of service.

For more information, see Web-Based Authentication Service.

Creating the Service

To create a Web-based Health Check Only service:

1. Navigate to Configuration > Services, then select the Add link.

The Add Services page opens.

2. From the Type drop-down, select the Web-Based Health Check Only service.

The Web-Based Health Check Only service configuration dialog opens:

Figure 1  Web-Based Health Check Only Service Configuration Dialog

3. Specify the Service tab parameters as described in the following table:

Table 1: Add Web-based Health Check Only Service > Service Tab Parameters

Parameter

Action/Description

Type

From the drop-down list, select Web-based Health Check Only.

Name

Enter the name of the service.

Description

Provide additional information that helps to identify the service.

Monitor Mode

Select the check box to monitor network access activity without enforcement.

More Options

Check these boxes to access the additional configuration tabs:

Authorization

Posture Compliance

Service Rule

Type

Select one of the following service rule types:

Authentication

Connection

Date

Device

Host

Endpoint

Name

Select the name of the service rule from the drop-down list.

Operator

Select an appropriate operator from the list of operators for the data type of the attribute.

Value

Select the value from the drop-down list. The value list depends on the operator selected.

Service Rule > Web-Based Authentication Host Attributes

The following table describes the list of other attributes that can be used to create host services based on the client's information.

Table 2: Service Rule > Web-Based Health Check Only Host Attributes

Attribute Name

Description

AgentType

Specifies the type of OnGuard Agent. This attribute provides a way to define a separate service for each OnGuard Agent Type. The supported values are:

OnGuardAgent: OnGuard Agent

OnGuardAgentService: OnGuard Agent running as a service

NativeWebAgent: Native Dissolvable Agent

JavaWebAgent: Java Dissolvable Agent

Agent Version

OnGuard Agent version. This attribute can be used to create a service based on the OnGuard Agent version.

CheckType

Specifies the type of check OnGuard Agent is performing based on the Mode setting in the OnGuard Settings page (for details, see OnGuard Settings and Agent Library Updates).

For Authenticate with health checks, the value of this attribute is Authentication, Health. The supported values are:

Authentication: OnGuard Agent is performing authentication; that is, the request contains credentials.

Health: OnGuard Agent is performing health checks; that is, the request contains Posture information.

None

FQDN Fully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet.

Indicates the Fully Qualified Domain Name of the client.

HealthCheckLevel

Indicates the level of health checks performed by OnGuard Agent; that is, whether the user is logged in at the time of health check or not.

This attribute can be used to see the health check level when OnGuard Agent is running as Service or BothServiceAndUser.

System: The user is not logged in when health checks are being run.

User: The user is logged in when health checks are being run.

Installed SHAs

Specifies the SHAs installed on the client.

InterfaceType

Specifies the type of Network Interface. This attribute can be used to define different services based on Network Interface type. The supported values are:

Wired

Wireless

VPN

LastHealthStatus

Most recent Health status. Value can be from one of the following

Healthy

Quarrantine

Unknown

LastHealthStatusTimeStamp Timestamp of last health status in epoch format, For example,12 PM on 2 December, 2021 would be 1638446400.
LastHealthStatusDateTime Timestamp of last health status in date/time format.
Machine Type

Identify the device as one of the following types:

Desktop

Laptop

Virtual Machine

Server

Other

Unknown

Name

This is the host name of the client (without the domain name).

OSArch

Specifies whether the client is running a 32-bit or 64-bit OS. The supported values are:

i386: 32-bit OS

x86_64: 64-bit OS

OSName

Indicates the full Operating System name. This attribute can be used to create services for a specific OS.

For example, you can use this attribute to differentiate between Windows 8 and Windows 8.1

OSNameVersion

Provides the Windows OS name and the build version. This attribute can be used to create different Posture policies for different Windows 10 versions such as 2015 LTSB or 2016 LTSB.

OSType

Specifies the Operating System type. The supported values are:

Linux

macOS

Windows 8

Window 10

Windows Server 2016

Windows Server 2019

SDKType

Specifies the SDK Software Developer Toolkit; Software tools and programs used to develop software for a particular platform. type.

For example, you can specify that the SDK Software Developer Toolkit; Software tools and programs used to develop software for a particular platform. type equals V4. For related information, see Upgrading From OnGuard Plugin Version 1.0 to 2.0.

SDKVersion

Specifies the SDK Software Developer Toolkit; Software tools and programs used to develop software for a particular platform. version.

SerialNumber

Specifies the serial number of the client.

ServerCertificateCheck

This attribute's value shows the status of the Policy Manager Server Certificate Check performed by OnGuard agent while sending a WebAuth request to the Policy Manager server.This attribute can also be used in a Service Classification.

The value of this attribute can be one of the following:

Passed: OnGuard Agent successfully verified the Policy Manager Server Certificate.

Failed: OnGuard Agent failed to verify the Policy Manager Server Certificate.

UserAgent

The value of this attribute contains both the Agent Type and Agent Version. For example, OnGuard 6.7.0.89660.