Endpoint Aging Policy
Transparent authentication permits network access without requiring user credentials when the endpoint MAC address has been bound to the account name of the user. For security purposes, the system deletes an endpoint that exceeds the specified endpoint aging time after the endpoint goes offline. To use the endpoint for network access again, the user must re-enter the account name and password for authentication. When the endpoint aging time is set to 0 days or hours, endpoint information never expires.
You can set the non-transparent endpoint aging time for endpoints if the transparent authentication status of the endpoints is disabled. UAM deletes the endpoints from the endpoint list based on the non-transparent endpoint aging time setting.
Functions
- Add/Modify Endpoint Aging Policy
Operation Procedure
- Click the User tab. From the navigation tree, select User Access Policy > Service Parameters > System Settings.
- Click the Configure icon for Endpoint Aging Policy.
- Click Add or click the Modify icon for an existing endpoint aging policy.
- Set the endpoint aging time and endpoint aging mode. Select the user groups, IP groups, or endpoint OSs to which you want to apply the policy.
- Click OK.
- Delete Endpoint Aging Policy
Operation Procedure
- Click the User tab. From the navigation tree, select User Access Policy > Service Parameters > System Settings.
- Click the Configure icon for Endpoint Aging Policy.
- Click the Delete icon for the endpoint aging policy you want to delete, and then click OK in the confirmation dialog box.
- Modify Endpoint Aging Policy Type
Operation Procedure
- Click the User tab. From the navigation tree, select User Access Policy > Service Parameters > System Settings.
- Click the Configure icon for Endpoint Aging Policy.
- Click Modify Endpoint Aging Policy Type (Current Type: By XXX).
- Select an endpoint aging policy type. Options are By User Group and By OS.
- Click OK.
Parameters
- Transparent Endpoint Aging Time: Set the aging time in days or hours. When Day is selected, UAM deletes the expired and offline endpoints at 00:00 every day. When Hour is selected, UAM deletes the offline endpoints immediately after they expire. The aging time for an endpoint is counted from the first time when the endpoint passes transparent authentication. For example, in the By Binding Time mode, if the first successful transparent authentication for an endpoint is at 10:00 on December 1, 2019, UAM deletes the endpoint as follows:
- If this parameter is set to 24 hours, UAM deletes the endpoint when the endpoint goes offline after 10:00 on December 2, 2019.
- If this parameter is set to 1 day, UAM examines whether the endpoint is offline at every 00:00 from December 3, 2019. If the endpoint is offline at a check, UAM deletes the endpoint.
- Endpoint Aging Mode: An endpoint can be aged based on the binding time or the idle time. Use this parameter together with Transparent Endpoint Aging Time.
- When an endpoint is aged based on the binding time, UAM deletes the endpoint if the endpoint goes offline and the time interval since the first transparent MAC authentication exceeds the specified aging time. For example, if the endpoint aging time is 1 day and an endpoint passes the first transparent authentication on December 1, 2019, UAM examines whether the endpoint is offline at every 00:00 from December 2. If the endpoint is offline at a check, UAM deletes the endpoint.
- When an endpoint is aged based on the idle time, UAM deletes the MAC address of an authenticated endpoint that does not come online for the specified aging time. To use the endpoint for network access again, the user must re-enter the account name and password for authentication. For example, if the aging time is set to 1 day, at 00:00 on December 3, 2019, UAM deletes the MAC address of an endpoint that last went offline on December 1, 2019.
- Non-Transparent Endpoint Aging Time: Set the aging time in days or hours. When Days is selected, UAM deletes the expired and offline endpoints at 00:00 every day. When Hours is selected, UAM deletes offline endpoints immediately after they expire. The aging time for an endpoint is counted from the most recent time when the endpoint passes authentication. For example, if the most recent successful authentication for an endpoint is 10:00 a.m. on December 1, 2019, UAM deletes the endpoint as follows:
- If this parameter is set to 24 hours, UAM deletes the endpoint when the endpoint goes offline after 10:00 a.m. on December 2, 2019.
- If this parameter is set to 1 day, UAM examines whether the endpoint is offline at every 00:00 from December 3, 2019. If the endpoint is offline at a check, UAM deletes the endpoint.
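The following added example is not UAM code. It is a small Python model of the aging rules above that an administrator can use to work out how long a bound MAC address remains accepted without credentials. The function names are hypothetical, and the handling of the 00:00 job is an assumption chosen to reproduce the 24-hour, 1-day (December 3) and idle time examples on this page.

```python
from datetime import datetime, timedelta

DAY = timedelta(days=1)

def _floor_midnight(t):
    return t.replace(hour=0, minute=0, second=0, microsecond=0)

def first_eligible(reference, aging, unit):
    """Earliest time an offline endpoint can be deleted; None if it never expires.

    reference is the first transparent authentication (binding time mode), the
    last offline time (idle time mode), or the most recent authentication
    (non-transparent endpoints).
    """
    if aging == 0:
        return None  # aging time 0: endpoint information never expires
    if unit == "hour":
        return reference + timedelta(hours=aging)
    if unit == "day":
        # Assumption: the 00:00 job acts on the first midnight strictly after
        # reference + aging, which matches the December 3 examples.
        return _floor_midnight(reference + aging * DAY) + DAY
    raise ValueError("unit must be 'hour' or 'day'")

def deletion_time(reference, aging, unit, offline_since):
    """When the endpoint is removed, given when it went (and stayed) offline.

    offline_since=None models an endpoint that is still online: not deleted.
    """
    eligible = first_eligible(reference, aging, unit)
    if eligible is None or offline_since is None:
        return None
    if offline_since <= eligible:
        return eligible
    if unit == "hour":
        return offline_since  # deleted as soon as it goes offline after expiry
    floor = _floor_midnight(offline_since)
    return floor if floor == offline_since else floor + DAY  # next 00:00 check

if __name__ == "__main__":
    first_auth = datetime(2019, 12, 1, 10, 0)  # constructed from the page's example
    print(first_eligible(first_auth, 24, "hour"))
    print(first_eligible(first_auth, 1, "day"))
    print(deletion_time(first_auth, 1, "day", datetime(2019, 12, 4, 15, 0)))
```

An endpoint that never goes offline is never deleted in this model, so the credential-free window for an always-on device is bounded only by its uptime.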
Precautions
- UAM supports two types of endpoint aging policies: user group-based and endpoint OS-based. You can modify the endpoint aging policy type when the system has no endpoint aging policies other than the default policy.