cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3073
Views
15
Helpful
4
Replies

ISE Posture Last state caching

Sitita
Level 1
Level 1

How can ISE on last state of clients

My clients are installed Posture agent and I had configure authorize to be like this pic It's working fine clients can redirecting to url to download an agent to install and posture can health checking and CoA to change status

authorize.jpgBut After I had rebooted my computer, ISE wasn't remember last state of clients which are installed an agent

state.jpgWhat should I have to do more on policy?

3 Accepted Solutions

Accepted Solutions

Hi,

There are 2 things to be considered here.

  1. If you are talking about Posture lease, there is a option Administration->Systems->Settings->Posture->General settings,in which if
    Posture Lease
     
     
     
     
  2. Posture compliant cache status is available in ISE 2.4,there is a option under posture->general settings->below Posture lease
     Cache Last Known Posture Compliant Status
     
    Hours
     where you can mention last known posture compliant state in minutes/hours/days,range upto max 30days/720 hours/43200 minutes can be configured.
-Aravind

View solution in original post

I think this is what it does.

 

Cisco ISE provides an option to configure grace time for devices that become noncompliant. Cisco ISE caches the results of posture assessment for a configurable amount of time. If a device is found to be noncompliant, Cisco ISE looks for the previously known good state in its cache and provides grace time for the device, during which the device is granted access to the network. You can configure the grace time period in minutes, hours, or days (up to a maximum of 30 days).

View solution in original post

4 Replies 4

Hi,

There are 2 things to be considered here.

  1. If you are talking about Posture lease, there is a option Administration->Systems->Settings->Posture->General settings,in which if
    Posture Lease
     
     
     
     
  2. Posture compliant cache status is available in ISE 2.4,there is a option under posture->general settings->below Posture lease
     Cache Last Known Posture Compliant Status
     
    Hours
     where you can mention last known posture compliant state in minutes/hours/days,range upto max 30days/720 hours/43200 minutes can be configured.
-Aravind

Peter Koltl
Level 7
Level 7

What is the difference?

I think this is what it does.

 

Cisco ISE provides an option to configure grace time for devices that become noncompliant. Cisco ISE caches the results of posture assessment for a configurable amount of time. If a device is found to be noncompliant, Cisco ISE looks for the previously known good state in its cache and provides grace time for the device, during which the device is granted access to the network. You can configure the grace time period in minutes, hours, or days (up to a maximum of 30 days).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: