Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
0
Helpful
1
Replies

Agent-request-type attribute behaviour and can it be used in authorisation policy

Go to solution
Uggen
Cisco Employee
Cisco Employee

‎03-10-2019 12:59 AM

hi all, 

 

First, I would like to know how an session attribute (example Agent-Request-Type)  behaviours in authorisation rule and posture policy rule 

 

Agent-Request-Type is a session attribute for posture selectively apply posture requirements either during initial posture assessment or during periodic reassessments of clients.

 

Second, I have gone through soo many document stating it's can used in posture policy rule but i didn't  find any document saying it worked when used it authorisation rule. Therefore,  I would like to know is it usable in authorisation rule  and if does how it should work ?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
yalbikaw
Cisco Employee
Cisco Employee

‎05-12-2019 04:13 AM

Hello Uggen, !

 

now regarding this question check this document and mostly at this part 

https://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/user_guide/ise_user_guide/ise_pos_pol.pdf

 

 

Session Agent-Request-Type The Session dictionary that you choose from the Dictionaries widget has the following attributes and values.

– Agent-Request-Type—Initial and Periodic Reassessment are the values.

– OS-Architecture—32-bit and 64-bit are the values.

– URL-Redirected—Specify the value.

By default, all the matching posture requirements are validated upon initial posture assessment and then periodically according to the periodic reassessments that are defined for posture assessment of clients.

The Session attribute Agent-Request-Type can be used in the posture policy to selectively apply posture requirements either during initial posture assessment or during periodic reassessments of clients.

– To apply a matching posture requirement during initial posture assessment only, set the Session Agent-Request-Type attribute EQUAL to Initial.

– To apply a matching posture requirement during periodic reassessment only, set the Session Agent-Request-Type attribute EQUAL to Periodic Reassessment. – To apply a matching posture requirement to both the initial posture assessment and periodic reassessments, then do not set the Session Agent-Request-Type attribute in the posture policy

 

the point here this is used as condition for posture requirement  to choose based on the poster session, this is not related to authorization policy on policy sets for radius authentication.

 

because this agent-request doesn't come with radius traffic and then how you can use it on authorization profile,

 

the option  i can see it is that doing  policies on posture so if it become non compliant there will be authorization policy to for it.

 

 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
yalbikaw
Cisco Employee
Cisco Employee

‎05-12-2019 04:13 AM

Hello Uggen, !

 

now regarding this question check this document and mostly at this part 

https://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/user_guide/ise_user_guide/ise_pos_pol.pdf

 

 

Session Agent-Request-Type The Session dictionary that you choose from the Dictionaries widget has the following attributes and values.

– Agent-Request-Type—Initial and Periodic Reassessment are the values.

– OS-Architecture—32-bit and 64-bit are the values.

– URL-Redirected—Specify the value.

By default, all the matching posture requirements are validated upon initial posture assessment and then periodically according to the periodic reassessments that are defined for posture assessment of clients.

The Session attribute Agent-Request-Type can be used in the posture policy to selectively apply posture requirements either during initial posture assessment or during periodic reassessments of clients.

– To apply a matching posture requirement during initial posture assessment only, set the Session Agent-Request-Type attribute EQUAL to Initial.

– To apply a matching posture requirement during periodic reassessment only, set the Session Agent-Request-Type attribute EQUAL to Periodic Reassessment. – To apply a matching posture requirement to both the initial posture assessment and periodic reassessments, then do not set the Session Agent-Request-Type attribute in the posture policy

 

the point here this is used as condition for posture requirement  to choose based on the poster session, this is not related to authorization policy on policy sets for radius authentication.

 

because this agent-request doesn't come with radius traffic and then how you can use it on authorization profile,

 

the option  i can see it is that doing  policies on posture so if it become non compliant there will be authorization policy to for it.

 

 

0 Helpful
Customers Also Viewed These Support Documents