I found this post but it is from 2 years ago and I’m hoping there has been some progress in the UI regarding the use of Device Posture Checks in a Gateway Network Policy.
Has anyone been able to get the posture checks working as a condition for a network policy through the UI?
Previous post from two years ago:
Struggling to understand how to use device posture in policies. Let’s simplify the goal as: “I want to block all access to Team-controlled resources for any device that doesn’t meet our posture requirements in any way whatsoever”.
What I think I understand so far is (please correct where wrong):
You can’t refer to device posture in Settings > Devices > Device Enrollment Permissions > Rules > Include (or anywhere else in this area that I can find).
So you can’t prevent users from enrolling …
I have it working.
The UI doesn’t have the “if posture failed” policy but you won’t need it.
Steps:
Create a list and add the serial numbers for each allowed device.
Using the API (Can’t use GUI for this either) create the serial number posture for linux, mac, windows.
Change the name, description and the id (which is the list including the serial numbers) and the API access values.
curl -v -X POST https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/devices/posture \
-H "X-Auth-Email: $AUTH_EMAIL" -H "X-Auth-Key: $AUTH_KEY" -H "Content-Type: application/json" \
--data '{"type":"serial_number","name":"Mac serial posture","description":"Mac Serial posture","schedule":"1m","match":[{"platform":"mac"}],"input":{"id":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"},"expiration":"1h"}'
Note that if you have devices running linux, mac and windows you need to add a posture for each os.
Create a policy allowing access to the secured destinations when the postures pass.
Create a policy denying access to the secured destinations, with no other conditions.
Make sure the allow policy is up and the deny is down.
This is how I have it working.
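An added example, not code from the thread, that scripts the API step above for all three platforms instead of one curl call per OS: it builds the same serial_number posture body the answer shows, refuses to send the xxxxxxxx-… placeholder where the list UUID belongs, and fails loudly if any request is rejected. Assumptions: the CF_* environment variable names and the `send` hook are my own, and the response is Cloudflare's usual v4 envelope with a boolean "success" and an "errors" array.

```python
import json
import os
import re
import urllib.request

PLATFORMS = ("linux", "mac", "windows")
UUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")


def posture_payload(platform, list_id, schedule="1m", expiration="1h"):
    """Request body for one OS; the fields mirror the curl command in the thread."""
    if platform not in PLATFORMS:
        raise ValueError(f"unsupported platform: {platform}")
    # Refuse the xxxxxxxx-... placeholder or a hand-typed list name: the API wants the list UUID.
    if not UUID_RE.match(list_id):
        raise ValueError("list id must be the UUID of the serial-number list")
    return {
        "type": "serial_number",
        "name": f"{platform.capitalize()} serial posture",
        "description": f"Allowed {platform} devices by serial number",
        "schedule": schedule,
        "match": [{"platform": platform}],
        "input": {"id": list_id},
        "expiration": expiration,
    }


def create_posture_rules(account_id, email, key, list_id, send=None):
    """POST one rule per platform. send(url, headers, body) replaces the HTTP call (dry run/tests)."""
    url = f"https://api.cloudflare.com/client/v4/accounts/{account_id}/devices/posture"
    headers = {"X-Auth-Email": email, "X-Auth-Key": key, "Content-Type": "application/json"}
    created = {}
    for platform in PLATFORMS:
        body = json.dumps(posture_payload(platform, list_id)).encode()
        if send is None:
            req = urllib.request.Request(url, data=body, headers=headers, method="POST")
            with urllib.request.urlopen(req, timeout=30) as resp:
                reply = json.load(resp)
        else:
            reply = send(url, headers, body)
        # Cloudflare's v4 envelope (assumed here) reports failures in "success"/"errors".
        if not reply.get("success"):
            raise RuntimeError(f"{platform} posture rule failed: {reply.get('errors')}")
        created[platform] = reply.get("result")
    return created


if __name__ == "__main__":
    e = os.environ  # CF_ACCOUNT_ID, CF_AUTH_EMAIL, CF_AUTH_KEY, CF_SERIAL_LIST_ID (assumed names)
    print(json.dumps(create_posture_rules(e["CF_ACCOUNT_ID"], e["CF_AUTH_EMAIL"],
                                          e["CF_AUTH_KEY"], e["CF_SERIAL_LIST_ID"]), indent=2))
```

Pass a fake `send` first to see the three bodies that would go out, then run for real with the environment variables set.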
Thank you for your detailed response. This helped me down the right path to get what I needed working. Greatly appreciated.
system (closed August 12, 2022, 1:51am):
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.