https://community.cisco.com/t5/network-access-control/posture-unknown-flow-for-endpoints-without-posture-agent/m-p/5208931#M592451 <P>The desired VLAN includes both Windows 10 and Windows 7 machines and therefore, when a Windows 7 computer connects to the network, it always matches with the configured "<STRONG>Unknown</STRONG>" policy which has very limited network connectivity and unfortunately stucks in this stage (because of Windows 7 supportability for ISE Posture Module, the client cannot include this module installed. Right?). I want to bypass this policy for Windows 7 PCs without using Profiling Policy inclusion of just Windows 10 PCs.</P><P>The following is the fact from the client (with Windows 7) that ISE has gathered?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="rezaalikhani_0-1728982343302.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/231313i27B171D5D6D9211C/image-size/medium?v=v2&amp;px=400" role="button" title="rezaalikhani_0-1728982343302.png" alt="rezaalikhani_0-1728982343302.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Any ideas?</P><P>Thanks</P> Tue, 15 Oct 2024 10:36:05 GMT rezaalikhani 2024-10-15T10:36:05Z https://community.cisco.com/t5/network-access-control/posture-unknown-flow-for-endpoints-without-posture-agent/m-p/5206267#M592348 <P>Hi all;</P><P>Consider the following Authorization Policy:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="rezaalikhani_0-1728541129931.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/231023i75E605A0D192F7C0/image-size/large?v=v2&amp;px=999" role="button" title="rezaalikhani_0-1728541129931.png" alt="rezaalikhani_0-1728541129931.png" /></span></P><P>In this case, although I have configured the "<STRONG>Default Posture Status</STRONG>" setting as "<STRONG>Compliant</STRONG>", but as soon as an endpoint without posture agent installed connects to the network, it matches with the "Posture Unknown" condition and therefore, the limited dACLs applies to it.</P><P>Any ideas?</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 10 Oct 2024 06:29:24 GMT https://community.cisco.com/t5/network-access-control/posture-unknown-flow-for-endpoints-without-posture-agent/m-p/5206267#M592348 rezaalikhani 2024-10-10T06:29:24Z https://community.cisco.com/t5/network-access-control/posture-unknown-flow-for-endpoints-without-posture-agent/m-p/5208931#M592451 <P>The desired VLAN includes both Windows 10 and Windows 7 machines and therefore, when a Windows 7 computer connects to the network, it always matches with the configured "<STRONG>Unknown</STRONG>" policy which has very limited network connectivity and unfortunately stucks in this stage (because of Windows 7 supportability for ISE Posture Module, the client cannot include this module installed. Right?). I want to bypass this policy for Windows 7 PCs without using Profiling Policy inclusion of just Windows 10 PCs.</P><P>The following is the fact from the client (with Windows 7) that ISE has gathered?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="rezaalikhani_0-1728982343302.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/231313i27B171D5D6D9211C/image-size/medium?v=v2&amp;px=400" role="button" title="rezaalikhani_0-1728982343302.png" alt="rezaalikhani_0-1728982343302.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Any ideas?</P><P>Thanks</P> Tue, 15 Oct 2024 10:36:05 GMT https://community.cisco.com/t5/network-access-control/posture-unknown-flow-for-endpoints-without-posture-agent/m-p/5208931#M592451 rezaalikhani 2024-10-15T10:36:05Z https://community.cisco.com/t5/network-access-control/posture-unknown-flow-for-endpoints-without-posture-agent/m-p/5208939#M592455 <P>How about selecting only Win 10 operating system in the posture assessment policy and conditions?</P> Tue, 15 Oct 2024 10:46:26 GMT https://community.cisco.com/t5/network-access-control/posture-unknown-flow-for-endpoints-without-posture-agent/m-p/5208939#M592455 Aref Alsouqi 2024-10-15T10:46:26Z https://community.cisco.com/t5/network-access-control/posture-unknown-flow-for-endpoints-without-posture-agent/m-p/5208975#M592461 <P>Thanks for your reply;</P><P>This is my first possible solution but without success.&nbsp;</P> Tue, 15 Oct 2024 11:34:01 GMT https://community.cisco.com/t5/network-access-control/posture-unknown-flow-for-endpoints-without-posture-agent/m-p/5208975#M592461 rezaalikhani 2024-10-15T11:34:01Z https://community.cisco.com/t5/network-access-control/posture-unknown-flow-for-endpoints-without-posture-agent/m-p/5209525#M592486 <P>If you could please share the screenshot of your posture assessment configuration for review.</P> Wed, 16 Oct 2024 09:51:53 GMT https://community.cisco.com/t5/network-access-control/posture-unknown-flow-for-endpoints-without-posture-agent/m-p/5209525#M592486 Aref Alsouqi 2024-10-16T09:51:53Z