https://community.cisco.com/t5/network-access-control/posture-to-check-dns-and-proxy-settings/m-p/3458265#M518722 <HTML><HEAD></HEAD><BODY><P>Can we check client's DNS and proxy settings with NAC agent or Anyconnect, and decide to allow the client if these settings are configured as compliant to corporate policy? If not, redirect to a page which says uncompliant DNS and proxy settings are being used.</P></BODY></HTML> Wed, 10 Jan 2018 06:05:00 GMT ozgguler 2018-01-10T06:05:00Z https://community.cisco.com/t5/network-access-control/posture-to-check-dns-and-proxy-settings/m-p/3458265#M518722 <HTML><HEAD></HEAD><BODY><P>Can we check client's DNS and proxy settings with NAC agent or Anyconnect, and decide to allow the client if these settings are configured as compliant to corporate policy? If not, redirect to a page which says uncompliant DNS and proxy settings are being used.</P></BODY></HTML> Wed, 10 Jan 2018 06:05:00 GMT https://community.cisco.com/t5/network-access-control/posture-to-check-dns-and-proxy-settings/m-p/3458265#M518722 ozgguler 2018-01-10T06:05:00Z https://community.cisco.com/t5/network-access-control/posture-to-check-dns-and-proxy-settings/m-p/3458266#M518723 <HTML><HEAD></HEAD><BODY><P>You might be able to do this with a registry check, you would have to validate this in a lab setup</P><P></P><P>Upon failure you could then throw up a remediation message with AnyConnect telling them they are blocked because of this</P><P></P><P>You can redirect them on non compliance to an manual noted html page in ISE 2.2 and higher stating they are non compliant however there is no way in authorization rules to say if you fail posture rule x then redirect to html page x for message x</P></BODY></HTML> Wed, 10 Jan 2018 12:16:45 GMT https://community.cisco.com/t5/network-access-control/posture-to-check-dns-and-proxy-settings/m-p/3458266#M518723 Jason Kunst 2018-01-10T12:16:45Z