topic Re: policy set not working in Network Access Control

policy set not working

zacht5476 — Wed, 08 Oct 2025 17:00:49 GMT

I'm in a testing environment, i'm going only passiveID no network devices. I deployed the PIC agent on the DC and everything is working, however when i tested the policy set to deny access based on the AD groups it still grant access. what im i missing?

the reason why im not using network devices is because im in the military and the NEC controls all the network devices and i am not allowed to touch them.

Re: policy set not working

k2no — Wed, 08 Oct 2025 20:10:22 GMT

Hi,

I suppose you deployed an agent from the ise directly ?

Check if you domains controller are reachable by the ise in the work center, also if the agent itself is running in the DC machine.

Also check if you don't have any flows blocked by you firewall or any act that could drop the traffic between the ise and your DC. Port 9095 has to be allowed.

Re: policy set not working

zacht5476 — Wed, 08 Oct 2025 20:16:13 GMT

yes, its reachable and no firewalls are blocking it