08-08-2019 04:26 AM
Solved! Go to Solution.
08-08-2019 05:21 AM
Start here: https://community.cisco.com/t5/security-documents/ise-community-resources/ta-p/3621621#Visibility
It sounds like you want to Profile the Ubuntu machines and allow certain Authorizations based upon the profiled machine type.
You'll need Plus licenses for this.
08-08-2019 05:21 AM
Start here: https://community.cisco.com/t5/security-documents/ise-community-resources/ta-p/3621621#Visibility
It sounds like you want to Profile the Ubuntu machines and allow certain Authorizations based upon the profiled machine type.
You'll need Plus licenses for this.
08-08-2019 05:56 AM
As @Charlie Moreton stated you can do so via profiling endpoints based on your device sensors (NADs). Just note that if you decide to use profiled groups as an authz condition to push policy you will need ISE Plus licenses on top of your ISE Base licenses. Essentially if you push policy to an endpoint based on a profiled group one endpoint would consume one base and one plus license. Another option you could play with is using any of the following conditions:
EndPoints:OperatingSystem Equals XXXX
SessionDevice-OS Equals XXXX
Good luck & HTH!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide