05-06-2019 07:24 PM - edited 02-21-2020 09:06 AM
Hi Community,
The Cisco release notes for FTD 6.3 have not officially included posture in this version. Would this create an issue with future support, assuming we successfully implement posture?
Regards,
05-06-2019 09:33 PM
05-07-2019 01:46 AM
The RADIUS + Change of Authorization (CoA) feature support in FTD 6.4 includes using ISE (as a RADIUS server) to assess posture and then send a CoA to FTD as a result of the posture assessment.
See @hslai's posting here:
https://community.cisco.com/t5/firepower/ftd-remote-access-vpn-with-ise-posture/m-p/3848834
05-09-2019 07:14 PM
Hi Marvin,
Is that also true for the support for AnyConnect ISE posture in Firepower 6.4? The release notes for 6.3 and 6.4 don't state this explicitly, and the config guides for 6.3 and 6.4 are identical on support for ISE posture:
The only supported VPN client is the Cisco AnyConnect Secure Mobility Client. No other clients or native VPNs are supported. Clientless VPN is not supported for VPN connectivity; it is only used to deploy the AnyConnect client using a web browser.
The following AnyConnect features are not supported when connecting to an FTD secure gateway:
Regards,
Rick.
05-09-2019 07:48 PM - edited 05-09-2019 07:55 PM
When doing posture, the assessment is done between the client and ISE over AnyConnect.
Between FTD and ISE, you need CoA, communication with ISE and URL redirect. I'm sure the first 2 are working fine, but the last one (URL redirect) is not tested yet and I'm not sure if that works.
Maybe @marvin has tested this last capability.
11-24-2020 05:34 AM
Can the PostureRedirectSGT be replaced with a final SGT by means of CoA?