cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

113
Views
0
Helpful
2
Replies
Highlighted
Cisco Employee

Posture check as a condition in the AuthZ policy

Hi,

not only my Customer and Partner has the following scenario and it is also a very old problem

A, Corporate SOE machines used by employees (e.g. Windows 7) B, Corporate non-SOE machines used by employees (e.g. MacOS, other Windows flavours) What we want to achieve is to give employees with SOE machines full access and employees with non-SOE machines limited access. The way the can differentiate between an SOE machine vs. non SOE machine is by ie. A file check in the registry or similar. While the posture checks we configured all work as expected, what I am kind of missing is the ability to use the result of a posture check as a condition in the AuthZ policy.

https://search-prd.cisco.com/topic/news/cisco/cs/cs-ise/dsc40140.html

But is there a Solution or workaround available?
Thanks,

Sven

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Posture check as a condition in the AuthZ policy

Sven,

Unfortunately, this is still not supported.  Hsing provided a workaround in the post you referenced where the we could assign specific group membership or attribute to those machines to differentiate.

Regards,

-Tim

View solution in original post

2 REPLIES 2
Highlighted
Cisco Employee

Re: Posture check as a condition in the AuthZ policy

Sven,

Unfortunately, this is still not supported.  Hsing provided a workaround in the post you referenced where the we could assign specific group membership or attribute to those machines to differentiate.

Regards,

-Tim

View solution in original post

Highlighted
Cisco Employee

Re: Posture check as a condition in the AuthZ policy

Hi,

thanks for your fast reply!

This is good for 802.1x but how should I check via RAS (VPN)

Is there a RADIUS Attribute or anything else?

Regards,

Sven