I've always wondered what people would like to see out of this product so I thought I would throw these ideas out there and see if anyone else thought they would be useful or if there were maybe some other big improvements people want to see.
1) Log of packets denied due to role traffic settings 2) Sending of logging information from HA-IP 3) Have CAM be able to check posture of clients without moving them to UnAuth Role. I hear Bradford does this and I can see how it could make the NAC experience much smoother and provide a possibly more secure network if you are able to check client more often without interrupting their session to do it. It does defeat the seemingly 'pure' OOB approach CCA has though. 4) Have the agent run as a service and/or run before the windows logon portion of boot up. So basically the agent could load, verify the posture of the computer (although some checks might not work, basic ones would) and then pass the logon credentials through to the windows GINA and so a SSO that way. This would allow for things like logon scripts/offline files/GPO to be applied without anything special going on. At the same time though you present the issue of how to update a client this way if it is out of compliance? I'd bet that most AV updater's wouldn't work if they are called like this. Anyway, just my list. Thoughts or Additions? --Jeremy
