About Device Posture

Abstract

The OpenVPN Connect app shares device attributes with CloudConnexa during the tunnel connection and periodically after that. You can configure a device posture policy that uses this data to evaluate the device's security and compliance and decide if it is safe to connect and stay connected to CloudConnexa.

Note

Device Posture is a Beta feature.

Minimum client versions for device posture

For device posture policies to work, the OpenVPN Connect App installed on the device must have a version number equal to or higher than the ones listed below.

  • Windows: OpenVPN Connect 3.5

  • macOS: OpenVPN Connect 3.5

Device attributes for posture checks

The attributes in this section can determine the device's security posture. Policies to allow or maintain the connection can be configured based on the attributes listed below:

  • Operating System: The device's operating system (Windows, macOS) can determine whether a connection is allowed.

  • Operating System Version: A connection can be allowed if the version of the operating system on the device is equal to, greater than or equal to, or less than or equal to a specified version string (major.minor.patch). For example, 3.5.124.

  • Antivirus: Whether at least one supported antivirus product is running on the device can determine whether a connection is allowed. Supported antivirus products are Norton, Bitdefender, McAfee, Avast, ESET, AVG, Avira, SentinelOne, Malwarebytes, and Microsoft Defender (for Windows OS only).

  • Client Certificate (Windows OS only): To allow the connection, the device must have a certificate matching the one uploaded as a .pem file in the configured device posture policy. If the certificate uploaded in the policy is a Root or Intermediate certificate, the certificate present on the device can be signed directly by the certificate in the policy (i.e., only one level of chaining is allowed). The signing algorithm can be either RSA (minimum key size: 2048) or ECDSA (minimum key size: 256).

  • Disk Encryption: To allow the connection, the disk must be encrypted using FileVault on macOS devices. For Windows devices, the full disk or a specific volume must be encrypted using BitLocker.
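
The attribute checks listed above can be modelled offline to preview which devices in an inventory a planned policy would turn away. This is an added example, not CloudConnexa or OpenVPN code; the field names, policy layout, and sample devices are assumptions constructed for illustration, and versions are compared numerically per component because plain string comparison misorders values such as 14.10.0 and 14.4.1.

```python
# Added illustration: a local model of the posture attributes listed above.
# Field names, policy layout and devices are assumptions, not CloudConnexa's schema.
import operator

OPS = {"equal": operator.eq, "greater_or_equal": operator.ge, "less_or_equal": operator.le}
SUPPORTED_AV = {"Norton", "Bitdefender", "McAfee", "Avast", "ESET", "AVG", "Avira",
                "SentinelOne", "Malwarebytes", "Microsoft Defender"}

def parse_version(text):
    """Turn 'major.minor.patch' into a tuple of ints for numeric comparison."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not major.minor.patch: {text!r}")
    return tuple(int(p) for p in parts)

def evaluate(device, policy):
    """Return the list of failed checks; an empty list means the device passes."""
    failures = []
    if device["os"] not in policy["allowed_os"]:
        failures.append("operating_system")
    rule = policy["os_version"].get(device["os"])  # (operator name, version) or None
    if rule:
        try:
            ok = OPS[rule[0]](parse_version(device["os_version"]), parse_version(rule[1]))
        except ValueError:
            ok = False  # unparseable version string: fail closed
        if not ok:
            failures.append("os_version")
    running = set(device.get("antivirus", ())) & SUPPORTED_AV
    if device["os"] != "Windows":
        running.discard("Microsoft Defender")  # listed above as Windows OS only
    if policy["require_antivirus"] and not running:
        failures.append("antivirus")
    if policy["require_disk_encryption"] and not device.get("disk_encrypted", False):
        failures.append("disk_encryption")
    return failures

POLICY = {"allowed_os": {"Windows", "macOS"},
          "os_version": {"Windows": ("greater_or_equal", "10.0.19045"), "macOS": ("greater_or_equal", "14.4.1")},
          "require_antivirus": True, "require_disk_encryption": True}
DEVICES = [  # constructed sample inventory
    {"name": "win-ok", "os": "Windows", "os_version": "10.0.22631", "antivirus": ["Microsoft Defender"], "disk_encrypted": True},
    {"name": "mac-av", "os": "macOS", "os_version": "14.10.0", "antivirus": ["Microsoft Defender"], "disk_encrypted": True},
    {"name": "win-stale", "os": "Windows", "os_version": "10.0.9200", "antivirus": ["ESET"], "disk_encrypted": False},
]

if __name__ == "__main__":
    for d in DEVICES:
        print(d["name"], evaluate(d, POLICY) or "pass")
```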