Description

A registered host connects to the VPN and downloads the Dissolvable Agent in order to scan. The scan results are not sent to the server, preventing the host from moving to the unrestricted (production) network. This behavior is triggered by criteria used in the User/Host Profile for the matching Endpoint Compliance Policy such as (but not limited to):

Host Group
Host role VPN client

Note:
A Rogue host may be able to connect to the VPN, register and successfully move to production. However, the host will fail to be moved from the restricted network upon re-connect.
This behavior does not affect hosts with the Persistent Agent installed.

Scope

All versions supporting Cisco ASA and FortiGate VPN integrations.

Solution

Workaround:
Include one or more of the following criteria in the User/Host Profile.

Important:
Do not include any other criteria.

Required:
Adapter [Connected: Offline]

Optional:
Adapter [IP Address: <VPN IP subnets. Can use wildcard (*)>]
Host [Persistent Agent: No]

Example 1:
Adapter [Connected: Offline]

Example 2:
Adapter [Connected: Offline]
and
Adapter [IP Address: 10.19.58.*]

Example 3:
Adapter [Connected: Offline]
and
Adapter [IP Address: 10.19.58.*]
or
Host [Persistent Agent: No]

Solution: Addressed in version 8.8.3.1718.

ID 0652141
ID 0639548