Closed JonathanManass closed 2 weeks ago
Hello @JonathanManass, posture checks are applied only to policy source groups. This means that the source can only communicate with the destination if it meets the required rule.
Could you confirm if the peer with a version below the minimum required belongs to the source or destination group in the policy?
Hi @bcmmbaga, that was it. I had three groups as both source and destination in the same policy. By moving them into separate policies and putting each group on only one side of the policy, I got the result I wanted. Thanks for that. I would say, however, that specifying somewhere that posture checks are only applied to source groups might be worth it. Unless I missed it, it does not seem to be specified on the console when adding them or in the documentation on that page.
Thanks for confirming that the solution worked! We will include this clarification in the documentation. For now, I will close this issue.
Thanks again for your feedback!
Describe the problem
I noticed that when adding a posture check requiring a certain version of the client, this would only block if both clients were under the required version.
If we have 3 clients, with one not at the minimum version of the posture check, it will still be able to connect to the other ones; if two clients are below the minimum version, they won't be able to communicate with each other.
It seems like it would be more useful to have the option of completely blocking access for a client not having the required version.
To Reproduce
Expected behavior
As said, I would rather have it that if one peer is below the posture check required version and the two others are compliant, those two should communicate with each other, but not with the third non-compliant peer.
Are you using NetBird Cloud?
No, I'm selfhosting it.
NetBird version
0.27.10
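
The source-only evaluation discussed in this thread, as an added example (a simplified model, not NetBird code and not part of the original issue). Peer names, groups, versions, the minimum version and the split policy layout are constructed assumptions; the model assumes a link forms when either peer qualifies as a source toward the other.

```python
# Simplified model of the behaviour described in this thread; not NetBird code.
from dataclasses import dataclass
from itertools import combinations


def parse(version):
    """'0.27.10' -> (0, 27, 10) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


@dataclass(frozen=True)
class Policy:
    sources: frozenset       # group names
    destinations: frozenset  # group names
    min_version: str         # posture check, evaluated on the source peer only


def can_connect(a, b, peers, policies):
    """Assumption: a link exists if either peer qualifies as a source toward the other."""
    for policy in policies:
        for src, dst in ((a, b), (b, a)):
            src_group, src_version = peers[src]
            dst_group, _ = peers[dst]  # destination version is never checked
            if (src_group in policy.sources
                    and dst_group in policy.destinations
                    and parse(src_version) >= parse(policy.min_version)):
                return True
    return False


def allowed_pairs(peers, policies):
    return {frozenset(pair) for pair in combinations(sorted(peers), 2)
            if can_connect(*pair, peers, policies)}


# Constructed sample data: peer -> (group, client version).
PEERS = {"A": ("g1", "0.27.10"), "B": ("g2", "0.27.10"), "C": ("g3", "0.25.0")}
ALL = frozenset({"g1", "g2", "g3"})
MIN = "0.27.0"

# One policy with every group on both sides (the setup reported in the issue).
SHARED = [Policy(ALL, ALL, MIN)]
# Hypothetical split: each group sits on one side of each policy only.
SPLIT = [Policy(frozenset({"g1"}), frozenset({"g2"}), MIN),
         Policy(frozenset({"g3"}), frozenset({"g1"}), MIN),
         Policy(frozenset({"g3"}), frozenset({"g2"}), MIN)]

if __name__ == "__main__":
    print("shared:", sorted(map(sorted, allowed_pairs(PEERS, SHARED))))
    print("split: ", sorted(map(sorted, allowed_pairs(PEERS, SPLIT))))
```

With the shared policy the outdated peer C still reaches A and B, because A and B pass the check as sources; with the split layout only A and B are linked.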