https://community.cisco.com/t5/network-access-control/beyondtrust-remote-support-dacl/m-p/5292907#M596420 <P>This is extremely challenging to do using a dACL for SaaS products since IPs and domain names can change constantly. I would recommending allowing internet access within the dACL and controlling access via an edge firewall instead. You can integrate said firewall with ISE via pxGrid for user/tag data and control access based on application groups with an NGFW.</P> Thu, 22 May 2025 12:07:35 GMT ahollifield 2025-05-22T12:07:35Z https://community.cisco.com/t5/network-access-control/beyondtrust-remote-support-dacl/m-p/5292675#M596405 <P>Has anyone created a dACL for BeyondTrust Remote Support when machines are in a non-compliant status?&nbsp; By non-compliant, I'm referring to machine authentication only with either failed user login or no user login.&nbsp;</P> Wed, 21 May 2025 16:42:44 GMT https://community.cisco.com/t5/network-access-control/beyondtrust-remote-support-dacl/m-p/5292675#M596405 dsykes 2025-05-21T16:42:44Z https://community.cisco.com/t5/network-access-control/beyondtrust-remote-support-dacl/m-p/5292907#M596420 <P>This is extremely challenging to do using a dACL for SaaS products since IPs and domain names can change constantly. I would recommending allowing internet access within the dACL and controlling access via an edge firewall instead. You can integrate said firewall with ISE via pxGrid for user/tag data and control access based on application groups with an NGFW.</P> Thu, 22 May 2025 12:07:35 GMT https://community.cisco.com/t5/network-access-control/beyondtrust-remote-support-dacl/m-p/5292907#M596420 ahollifield 2025-05-22T12:07:35Z