https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806377#M56444 <P>Thanks Aaron. I was looking at the posture conditions in ISE but wasn't able find any that says if service pack is equal to something. Do you have any idea about it? Its one of the requirement as per attached diagram.</P> Sun, 06 Dec 2015 16:37:10 GMT sqambera 2015-12-06T16:37:10Z https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806375#M56440 <P>Hello,</P> <P>Could anyone please look at the attached requirement diagram. The Cisco ISE needs to be configured accordingly. Do I have to create Authorization rules for achieving these results? I am wondering that under Authorization conditions in ISE where could I find things like (I am trying to figure out) "windows service pack equal 1", "operating system equals windows 7", etc.</P> <P>Or is it somewhere else that I need to look for configuring these requirements? Does this needs to be done under Posture rules?</P> <P>Thanks in advance for all your help.</P> <P></P> <P>Regards,</P> <P>Qamber</P> Mon, 11 Mar 2019 06:17:47 GMT https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806375#M56440 sqambera 2019-03-11T06:17:47Z https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806376#M56443 <P>Hi,</P> <P>Not exactly. Not all the requirements you ask and the flow you want to get will be done only with Authorization rules.</P> <P>You'll need to use authentication and authorization rules, plus provisioning and posture rules and checks.</P> <P>Your flow is something similar to what I desgined in my company, the only thing you don't have in yours is the BYOD side.</P> <P></P> <P>Cheers,</P> Sat, 05 Dec 2015 08:24:21 GMT https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806376#M56443 Aaron Castro Sanchez 2015-12-05T08:24:21Z https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806377#M56444 <P>Thanks Aaron. I was looking at the posture conditions in ISE but wasn't able find any that says if service pack is equal to something. Do you have any idea about it? Its one of the requirement as per attached diagram.</P> Sun, 06 Dec 2015 16:37:10 GMT https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806377#M56444 sqambera 2015-12-06T16:37:10Z https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806378#M56446 <P>You have to create a posture result condition that would be something like:</P> <P>If OS equals "any" met if "posture condition" else "remediation action".</P> <P>Most&nbsp;OS should be already there.</P> <P>Posture conditions come pre loaded,&nbsp;so you only have to select i.e. pc_W7_SP1_int.</P> <P>Same for remediation, many come created, or you can create new ones as well.</P> <P>Once you have the posture requirements rules, then you can create the policy so if an identity group matches the OS then the requirement will be the one you created as a rule.</P> Sun, 06 Dec 2015 17:29:15 GMT https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806378#M56446 Aaron Castro Sanchez 2015-12-06T17:29:15Z https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806379#M56447 <P>Thanks Aaron for helping out.</P> Wed, 09 Dec 2015 04:09:35 GMT https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806379#M56447 sqambera 2015-12-09T04:09:35Z https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806380#M56448 <P>Hi Community,</P> <P></P> <P>could you help me configure posture to check for operating system version? I want to allow access only for Windows 7 and Windows 10. Other Windows version should be rejected.</P> Wed, 23 Nov 2016 11:41:08 GMT https://community.cisco.com/t5/network-access-control/ise-rules/m-p/2806380#M56448 Bob Goal 2016-11-23T11:41:08Z