When you select OPSWAT as the endpoint compliance check provider, there are certain settings that must be configured for Unified Access Gateway to integrate with OPSWAT. For example, you can configure the time interval at which periodic compliance checks can occur, upload the on-demand agent executable file to Unified Access Gateway, and so on.
When OPSWAT is selected as the endpoint compliance check provider on the Horizon Settings page, Unified Access Gateway performs a Horizon Client endpoint device check with OPSWAT. This check is performed so that users with non-compliant endpoints are denied access to Horizon desktops and applications.
If you choose to use any of the time interval settings either for periodic compliance checking or for delaying the compliance check, see Time Interval for Periodic Endpoint Compliance Checks or Time Interval for Delaying Compliance Check respectively.
You can configure the endpoint compliance check provider settings for OPSWAT using PowerShell. For information about the PowerShell parameters, see Using PowerShell to Deploy the Unified Access Gateway Appliance.
Prerequisites
- Sign up for an OPSWAT account and register your applications on the OPSWAT site. See https://go.opswat.com/communityRegistration.
- Note down the client key and client secret key. You need the keys to configure OPSWAT in Unified Access Gateway.
- Log in to the OPSWAT site and configure the compliance policies for your endpoints.
See the relevant OPSWAT documentation.
Procedure
- Log in to Admin UI and go to .
- Click Add.
- Select
OPSWAT
as the Endpoint Compliance Check Provider.
- Enter Client Key and Client Secret.
- Enter the Hostname of the compliance check provider.
- Enter the Connectivity Check Interval to check if the compliance server (OPSWAT) is available.
If there is a connectivity check failure during test call, an error message is logged on the esmanager logs. The event is sent to the syslog server.
- Enter the Compliance Check Interval Timeunit.
The supported time units for the Endpoint Compliance Check Provider time interval settings are in
minutes
and
seconds
.
- If you want to delay the first compliance check after successful user authentication, enter the Compliance Check Initial Delay time interval.
Note: If this time interval is configured, the
Horizon setting,
Compliance Check on Authentication is automatically disabled.
Unified Access Gateway does not check compliance on authentication. For more information about this setting, see
Configure Horizon Settings.
- Enter the desired value in Compliance Check Interval.
- Enter the desired value in Compliance Check Fast Interval.
Important: To configure
Compliance Check Fast Interval, ensure that
Compliance Check Interval is configured and not
0
.
- To change the default value of the statuses and allow endpoints to be launched, click Show Allowed Status Codes.
The following status codes are supported:
In compliance
,
Not in compliance
,
Out of license usage
,
Assessment pending
,
Endpoint unknown
, and
Others
.
- For the desired Status Code, click to change from DENY to ALLOW.
The default value of In Compliance status code is ALLOW
. Only compliant endpoints are allowed to be launched.
The default value of all other status codes is DENY
.
- To upload the OPSWAT MetaAccess on-demand agent executable file for the Windows and macOS platform to Unified Access Gateway, click Show OPSWAT On-demand Agent Settings and configure the required settings.
- Click Save.
What to do next
- Navigate to Horizon settings, locate Endpoint compliance check provider text box, and select
OPSWAT
from the drop-down menu.
- Click Save.