Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
874
Views
0
Helpful
6
Replies

Anyconnect and temproal agent

Go to solution
Qingguo Zhang
Cisco Employee
Cisco Employee

‎12-18-2018 09:51 PM

Is it possible to setup up posture for both anyconnect and temporal agent ?  Not sure CPP can be applicable both.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Surendra
Cisco Employee
Cisco Employee

‎12-19-2018 03:53 AM

Not both at the same time on the same machine but you can configure CPP for AnyConnect and Temporal agent separately. Especially, with 2.4 you can choose which policies apply to which Agent in the posture policies.Screen Shot 2018-12-19 at 5.23.26 PM.png

View solution in original post

0 Helpful

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee
In response to Qingguo Zhang

‎12-19-2018 08:38 AM

You will need another condition to differentiate the two as both could be applicable.  You can only use one or the other but not both at the same time.  For example, you could use temporal for Windows 7 and AnyConnect for Windows 10.  You could also use AD groups to differentiate as well.

 

Regards,

-Tim

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎12-19-2018 03:48 AM

Please explain in more detail your use case
0 Helpful

Go to solution
Qingguo Zhang
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎12-19-2018 04:54 AM

Use case is that for the users with anyconnect installed will do posture directly, for users w/o anyconnect will do temporal agent.

 
Understand Different client provisioning policy can have different conditions,  for existing anyconnect posture user do they still use client provisioning policy to update profile ?
 
We can’t differentiate user other than the condition of anyconnect installed.
0 Helpful

Go to solution
Surendra
Cisco Employee
Cisco Employee

‎12-19-2018 03:53 AM

Not both at the same time on the same machine but you can configure CPP for AnyConnect and Temporal agent separately. Especially, with 2.4 you can choose which policies apply to which Agent in the posture policies.Screen Shot 2018-12-19 at 5.23.26 PM.png

0 Helpful

Go to solution
Qingguo Zhang
Cisco Employee
Cisco Employee
In response to Surendra

‎12-19-2018 08:03 AM

Screen Shot 2018-12-19 at 10.54.53 PM.png

 

 

can I use the first policy for user who have already installed anyconnect and posture module ,  2nd policy for user w/o anyconnect will go to temporal agent ?

 

 

0 Helpful

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee
In response to Qingguo Zhang

‎12-19-2018 08:38 AM

You will need another condition to differentiate the two as both could be applicable.  You can only use one or the other but not both at the same time.  For example, you could use temporal for Windows 7 and AnyConnect for Windows 10.  You could also use AD groups to differentiate as well.

 

Regards,

-Tim

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Qingguo Zhang

‎12-21-2018 04:44 PM

Surendra and Tim are correct. ISE Client Provisioning Policy is using first match.

0 Helpful
Customers Also Viewed These Support Documents