topic Re: Client Provisioning Policy in Network Access Control https://community.cisco.com/t5/network-access-control/client-provisioning-policy/m-p/3337865#M550034 <P>Here is the basic difference between posture policies and client provisioning.</P> <P>&nbsp;</P> <P>Posture: These are policies that are&nbsp;related to any sort of program/files/updates/etc.&nbsp;that exist on the client.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Client Provisioning: These policies are really only related to Cisco AnyConnect or posture modules from ISE.</P> <P>&nbsp;</P> <P>For example you may have a posture policy to check AV status, and if the endpoint AV is out of date you might put it in a VLAN where it can only hit the AV update server. Once the AV is up to date the endpoint is allowed normal network access. Now you have a client provisioning policy to push out the XML file for the AnyConnect&nbsp;corporate VPN connection, it sees that the endpoint doesn't have the correct XML file and now the client gets the updated XML from ISE.</P> <P>&nbsp;</P> <P>Hopefully this gives some clarification between the 2 policies. &nbsp;</P> Mon, 26 Feb 2018 14:44:39 GMT Ben Walters 2018-02-26T14:44:39Z Client Provisioning Policy https://community.cisco.com/t5/network-access-control/client-provisioning-policy/m-p/3337611#M550033 <P>Hello Community,</P> <P>&nbsp;</P> <P>I am&nbsp;New to ISE 2.1&nbsp;and getting confused while understanding&nbsp;Posture policy</P> <P>why do we need to define CPP Policy separate.</P> <P>we define posture conditions under "Policy Elements &gt; Conditions&nbsp; &gt; Posture"</P> <P>and then Action items under&nbsp;&nbsp; "Policy Elements &gt;&nbsp;Results&nbsp; &gt; Posture"</P> <P>I think we call the above condition and results which we created under Posture Policy - Correct me if I am wrong here</P> <P>then what is the use&nbsp;of CPP ?</P> <P>&nbsp;</P> <P>Suggestions would be very helpful.</P> <P>Thanks</P> <P>&nbsp;</P> Fri, 21 Feb 2020 18:46:38 GMT https://community.cisco.com/t5/network-access-control/client-provisioning-policy/m-p/3337611#M550033 Ali 2020-02-21T18:46:38Z Re: Client Provisioning Policy https://community.cisco.com/t5/network-access-control/client-provisioning-policy/m-p/3337865#M550034 <P>Here is the basic difference between posture policies and client provisioning.</P> <P>&nbsp;</P> <P>Posture: These are policies that are&nbsp;related to any sort of program/files/updates/etc.&nbsp;that exist on the client.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Client Provisioning: These policies are really only related to Cisco AnyConnect or posture modules from ISE.</P> <P>&nbsp;</P> <P>For example you may have a posture policy to check AV status, and if the endpoint AV is out of date you might put it in a VLAN where it can only hit the AV update server. Once the AV is up to date the endpoint is allowed normal network access. Now you have a client provisioning policy to push out the XML file for the AnyConnect&nbsp;corporate VPN connection, it sees that the endpoint doesn't have the correct XML file and now the client gets the updated XML from ISE.</P> <P>&nbsp;</P> <P>Hopefully this gives some clarification between the 2 policies. &nbsp;</P> Mon, 26 Feb 2018 14:44:39 GMT https://community.cisco.com/t5/network-access-control/client-provisioning-policy/m-p/3337865#M550034 Ben Walters 2018-02-26T14:44:39Z