Skip to main content

Add a device posture policy

Abstract

How to create a device posture policy for CloudConnexa that evaluates device security and compliance for creating and maintaining network connections.

OpenVPN Connect shares device attributes with CloudConnexa when establishing a tunnel and periodically during the session. You can configure a device posture policy to evaluate this information and determine whether a device is allowed to connect or remain connected.

Minimum client versions for device posture

Device Posture policies require OpenVPN Connect (or OpenVPN3 Client for Linux) versions equal to or higher than the following:

Note

The Linux client requires both openvpn3-addon-devposture and openvpn3-dpc-openvpninc packages to be installed for Device Posture functionality to work.

Add a device posture policy

To add a device posture policy, follow the steps below:

  2. Click Users > Device Posture.

  3. Click Add Policy.

  4. In the Policy Details:

    • Enter a Name.

    • (Optional) Enter a Description.

  5. In the Apply To section:

    • Select one or more User Groups to which the policy will apply.

    • You may skip this step and assign User Groups later.

  6. In the Configuration section:

    • You will see separate policy blocks for Windows, macOS, Linux, Android/ChromeOS, and iOS.

    • All are enabled (ON) by default.

  7. To block connections from devices running a specific operating system, turn the corresponding policy block to OFF.

  8. To add a posture check:

    • Select a check from the drop-down list within the appropriate operating system block.

    • Configure the condition that must be met.

      Note

      A device must pass all checks configured for its operating system to connect.

  9. Click Add another check to include additional requirements.

    Tip

    For details about available checks, see ???.

  10. Click Add Policy to save the configuration.

Tutorial showing the addition of a macOS device posture policy

In this section:
See also: