cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3592
Views
9
Helpful
9
Replies

Anyconnect ISE Posture Issues

Rahul Govindan
VIP Alumni
VIP Alumni

Two concerns

1) Is there a way to have a more intuitive approach to Posture non-compliance with the Anyconnect ISE posture module? The requirement is to have a non-compliant user be disconnected (or assigned a quarantine policy) when compliance checks fails, no remediation needed. Right now, the remediation window always pops up (in spite of my remediation action set to "Message Text Only" and runs for the remediation timer (minimum of 1 minute). This is really confusing to the end user as the message next to the posture condition is always "Click Start to Begin". Clicking start provides another dialog where the user clicks "Cancel". I could not find any way to not have the scary pop-up show up when I fail compliance. User has to wait for 1 minute at a minimum for the whole remediation process before it timing out. I feel that there should be a better way of handling this. Can there be a "No remediation" option the Remediation actions?

2) ISE posture audit mode. When set to audit mode, the ISE posture always shows up as compliant in the ISE posture reports. What most Admins would like to see is a report where I can see Compliant and Non-Compliant users without actually affecting initial deployment (and running it in mandatory mode) I know that this is a bug since the 1.3 release:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCus84376/?reffering_site=dumpcr

Is there a better way to run posture without affecting users and still figuring out who would fail if the posture if it was run in a non-audit mode?

This is not the first time I am running into these issues so trying to see if others have the same problems during deployments.

9 Replies 9

paul
Level 10
Level 10

For #2 you are running the wrong report.  Run the Posture Assessment by Condition report and set the filter to Condition Status failed.  The Posture Assessment by Endpoint wont help.  As you said, it shows everything as compliant when you are auditing.  Although if you click details of the report you can see the audit conditions that failed.

Hi Paul,

I did try to look at that report. The problem with that is when I have a posture policy with 3 AND conditions and the second one fails, the 3rd condition check gets skipped and not checked. But, I think I could get away with it by configuring 3 separate posture policies with same matching condition but different requirements. Looking at the details in the Posture compliance report is a little cumbersome when it deployed across the board. Thanks for your thoughts on this.

Yeah I usually separate out my posture rules for readability:

Domain Computer McAfee AV Installed

Domain Computer McAfee AV Definitions Current

Domain Computer McAfee EPO Agent Running

Domain Computer Critical Patches Applied

Etc.

Paul Haferman

Office- 920.996.3011

Cell- 920.284.9250

hslai
Cisco Employee
Cisco Employee

For the question 1, I would suggest you to try AnyConnect 4.4 and CM 4.2 in stealth mode.

I have the same problem, I don't really want to show any messages and confuse the user.

I have a requirement for a registry key (check if device is joined to AD) - when I enable stealth mode, i only have two options as remediation, and none of those apply to me

remediation.jpg

Hi, If the remediation is set to manual than the window will pop up asking to start remediation, if you set to Automatic the window will not pop-up

If you want to see whats happening in remediation, in the System Scan module, you can click on the Detail dialogue prompt.

Hope that helps

Regards

edondurguti
Level 4
Level 4

Hi, thanks for your reply. I really don't see an option for registration remediation, so I can't really figure out how to do automatic. thanks

Edon,

Not all remedations actions allow for manual/automatic option as these tend to be usually AV, Patches etc.  But here is an example:-

Antivirus Remediation

The following table describes the fields in the AV Remediation page. The navigation path is Policy > Policy Elements > Results > Posture > Remediation Actions > AV Remediation.
Table C-23 Antivirus Remediation
Fields
Usage Guidelines
Name
Enter a name for the antivirus remediation.
Description
Enter a description for the antivirus remediation.
Remediation Type
Choose one of the following:
  • Automatic —When selected, you should enter values for the Interval and Retry Count.
  • Manual —When selected, Retry Count and Interval fields are not editable.
Interval (in seconds)Enter the time interval in seconds that clients can try to remediate after previous attempts.
Retry CountEnter the number of attempts that clients can try to update an antivirus definition.
Operating SystemChoose one of the following:
  • Windows
  • Macintosh —when selected Remediation Type, Interval, and Retry Count fields are not editable
AV Vendor Name
Choose the antivirus vendor

Thanks

Sent from my iPhone

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: