08-16-2016 09:00 AM
Hi,
not only my Customer and Partner has the following scenario and it is also a very old problem
A, Corporate SOE machines used by employees (e.g. Windows 7) B, Corporate non-SOE machines used by employees (e.g. MacOS, other Windows flavours) What we want to achieve is to give employees with SOE machines full access and employees with non-SOE machines limited access. The way the can differentiate between an SOE machine vs. non SOE machine is by ie. A file check in the registry or similar. While the posture checks we configured all work as expected, what I am kind of missing is the ability to use the result of a posture check as a condition in the AuthZ policy.
https://search-prd.cisco.com/topic/news/cisco/cs/cs-ise/dsc40140.html
Sven
Solved! Go to Solution.
08-16-2016 09:21 AM
Sven,
Unfortunately, this is still not supported. Hsing provided a workaround in the post you referenced where the we could assign specific group membership or attribute to those machines to differentiate.
Regards,
-Tim
08-16-2016 09:21 AM
Sven,
Unfortunately, this is still not supported. Hsing provided a workaround in the post you referenced where the we could assign specific group membership or attribute to those machines to differentiate.
Regards,
-Tim
08-16-2016 09:31 AM
Hi,
thanks for your fast reply!
This is good for 802.1x but how should I check via RAS (VPN)
Is there a RADIUS Attribute or anything else?
Regards,
Sven
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide