netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Add to posture check device type #1837

Open ez1976 opened 7 months ago

ez1976 commented 7 months ago

Hi. At the moment we cannot limit mobile devices. We can limit OS version, but it also needs the ability to deny Android/iOS/Windows mobile. I know I can limit mobile connections via the Okta IdP, but it would be great to be able to control if we need someone to be able to connect via mobile and not only approve/deny completely.

Also the option to have a posture check on the login itself and not only on the policy.

Thanks

braginini commented 7 months ago

We can limit OS version, but it also needs the ability to deny Android/iOS/Windows mobile.

I didn't quite get you. You can block Android or iOS. There is no mobile client for Windows mobile. What do you expect here?


Also the option to have a posture check on the login itself and not only on the policy.

The login is completely in the hands of the IdP. NetBird has no control over it.

How about having a global profile that would just prevent machines from connecting anywhere at all without matching a profile?

ez1976 commented 7 months ago

I am sorry. I missed the iOS and Android option to block it.

But unfortunately, since the iOS and Android posture check is per policy, we would need to duplicate all the routes: those that allow mobile devices and those that block them. It would be great if we could exclude: a posture check to disable any mobile device except for the following devices (better per device than per user, so we can control which device is used).


braginini commented 7 months ago

Understood.

How about the following:

  1. You create two groups, e.g., routing-client and routing-peer.
  2. Add this group to all clients that need access to the routing peers.
  3. Create an access policy that allows routing-client access to routing-peer.
  4. Attach the mobile-block posture check to the policy. Will this work for you?

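To make the per-policy semantics of the proposal above concrete, here is a small model (added here; not NetBird's code, and the peers, groups and policies are constructed) of how a source-side posture check gates a policy rule, and how a second group without the check can carve out an exception for an approved device rather than a whole user:

```python
"""Simplified model of group-based policies gated by a posture check.
Constructed example, not NetBird's own implementation: the OS allowlist is a
simplification of an OS posture check, and all names below are made up."""
from dataclasses import dataclass, field

@dataclass
class Peer:
    name: str
    os: str        # e.g. "linux", "android", "ios"
    groups: set    # group names this peer belongs to

@dataclass
class PostureCheck:
    allowed_os: set    # a source peer on any other OS fails the check

@dataclass
class Policy:
    name: str
    sources: set          # source group names
    destinations: set     # destination group names
    checks: list = field(default_factory=list)   # evaluated on the source peer only

def peer_passes(peer: Peer, checks: list) -> bool:
    return all(peer.os in c.allowed_os for c in checks)

def can_reach(src: Peer, dst: Peer, policies: list) -> bool:
    """Access is granted if ANY policy matches src/dst groups and src passes that policy's checks."""
    return any(src.groups & p.sources and dst.groups & p.destinations and peer_passes(src, p.checks)
               for p in policies)

def access_matrix(peers: list, dst: Peer, policies: list) -> dict:
    """Which of the given peers may reach dst under the given policies."""
    return {p.name: can_reach(p, dst, policies) for p in peers}

# Constructed peers: two desktops-only clients, one approved phone, one routing peer.
DESKTOP_ONLY = PostureCheck(allowed_os={"linux", "darwin", "windows"})
laptop = Peer("laptop", "linux", {"routing-client"})
phone = Peer("phone", "android", {"routing-client"})
ceo_phone = Peer("ceo-phone", "ios", {"routing-client", "mobile-allowed"})
router = Peer("aws-router", "linux", {"routing-peer"})

# One policy blocks mobiles for everyone; a second, check-free policy whitelists a device group.
POLICIES = [
    Policy("clients-to-routers", {"routing-client"}, {"routing-peer"}, [DESKTOP_ONLY]),
    Policy("approved-mobiles", {"mobile-allowed"}, {"routing-peer"}),
]

if __name__ == "__main__":
    print(access_matrix([laptop, phone, ceo_phone], router, POLICIES))
```

Because the check is attached to the source side of a policy, the exception is expressed by group membership of the device, which is the per-device control asked for above.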
ez1976 commented 7 months ago

That is the regular way to get it done. But at the moment I have 250 routes. If I need 100 of them to be reachable from laptops only, and the same 100 routes need to be allowed from mobile but only for some users, I will need 200 routes just for that: 100 that block mobile and 100 that allow it. Of course, if there were an option to have one route entry that can hold multiple routing entries, like the DNS name server option, then we could actually reduce the number of routes.

Instead of having 10 routes for different subnets in the same AWS VPC, we can have one policy and one routing for all the subnets in that VPC, so the posture checks and policies can all be under a single routing entry.

But if you do integrate this feature, please make sure the search option continues to be able to display results on entries inside a combined route. The NetBird search at the moment is great since it displays results based on network ID, description, peer group or relay groups.


braginini commented 7 months ago

Thank you for the feedback @ez1976