Gateway Network Policy

I found this post but it is from 2 years ago and I’m hoping there has been some progress in the UI regarding the use of Device Posture Checks in a Gateway Network Policy.

Has anyone been able to get the posture checks working as a condition for a network policy through the UI?

Previous post from two years ago:

I have it working.

The UI doesn’t have the “if posture failed” policy but you won’t need it.


  1. Create a list and add the serial numbers for each allowed device.

  2. Using the API (can’t use the GUI for this either), create the serial number posture for Linux, Mac, Windows.

Change the name, description and the id (which is the list including the serial numbers) and the API access values.

curl -v -X POST "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/devices/posture" \
-H "X-Auth-Email: $AUTH_EMAIL" -H "X-Auth-Key: $AUTH_KEY" -H "Content-Type: application/json" \
--data '{"type":"serial_number","name":"Mac serial posture","description":"Mac Serial posture","schedule":"1m","match":[{"platform":"mac"}],"input":{"id":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"},"expiration":"1h"}'

Note that if you have devices running Linux, Mac and Windows you need to add a posture for each OS.

  3. Create a policy allowing access to the secured destinations when the postures pass.

  4. Create a policy denying access to the secured destinations, with no other conditions.

  5. Make sure the allow policy is up and the deny is down.

This is how I have it working.
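A simplified model of the policy ordering described in the post above, as an added example that is not part of the original thread and not Cloudflare's code. It assumes first-match evaluation from top to bottom and a default of allow when nothing matches; the serials, the destination address and all function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: placeholder serial list and secured destination.
ALLOWED_SERIALS = {"C02EXAMPLE01", "PF0EXAMPLE02"}
SECURED_DESTS = {"10.0.0.10"}

@dataclass(frozen=True)
class Device:
    platform: str
    serial: str

def posture_passes(device, posture_platforms):
    """A serial_number posture only applies to the platform it matches, so a
    device on a platform without its own posture rule can never pass."""
    return (device.platform in posture_platforms
            and device.serial in ALLOWED_SERIALS)

def evaluate(policies, device, dest, posture_platforms):
    """Return the action of the first matching policy (assumed first-match,
    top to bottom). Each policy is (action, requires_posture) and both
    policies are scoped to the secured destinations."""
    for action, requires_posture in policies:
        if dest not in SECURED_DESTS:
            continue  # policy does not cover this destination
        if requires_posture and not posture_passes(device, posture_platforms):
            continue  # posture failed: fall through to the next policy
        return action
    return "allow"  # assumption: traffic matching no policy is allowed

# Order from the post: allow-with-posture on top, unconditional deny below.
CORRECT_ORDER = [("allow", True), ("deny", False)]
# Misordered: the unconditional deny matches first for every device.
SWAPPED_ORDER = [("deny", False), ("allow", True)]

if __name__ == "__main__":
    all_os = {"linux", "mac", "windows"}
    listed = Device("mac", "C02EXAMPLE01")
    unlisted = Device("mac", "UNLISTED0001")
    print(evaluate(CORRECT_ORDER, listed, "10.0.0.10", all_os))    # allow
    print(evaluate(CORRECT_ORDER, unlisted, "10.0.0.10", all_os))  # deny
    print(evaluate(SWAPPED_ORDER, listed, "10.0.0.10", all_os))    # deny
```

The fall-through in `evaluate` is why no explicit "if posture failed" condition is needed: a device that fails the posture simply does not match the allow policy and lands on the deny below it.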

Thank you for your detailed response. This helped me down the right path to get what I needed working. Greatly appreciated.


Happy to help!
