08-30-2023 11:57 PM
Hello,
I'm looking for a way to configure automatic posture reassessment using AnyConnect client on workstations every X minutes.
This is required to ensure that the workstation is compliant and if a change to the posture policy was made it would be propagated to and initiate a rescan.
I know the Reassessment configuration (PRA) and Posture Settings, but the lowest interval is 60 minutes which is a lot in our case.
08-31-2023 09:46 PM
@Guy Greenshtein We do not recommend performing PRA more frequently than every 4 hours. In case of a posture-policy change, you may use Session Reauthentication API or the like to get them re-evaluated.
09-02-2023 07:22 AM
Hi, thank you for your reply.
I believe that there must be a way to send the same re-authentication command using GUI - under Context Visibility > CoA Reauthentication.
The problem is that it is only valid for endpoints having an active session with ISE PSN and it requires a manual intervention. I was hoping that there's a way to lower the PRA for less than 60 minutes or trigger this automatically within built-in configuration and not API.
09-02-2023 07:02 PM
@Guy Greenshtein PRA is not for this. Besides, it also needs active sessions.
09-03-2023 08:00 AM
In that case I'd like to get a clarification, because based on Cisco's documentation it fits our needs.
If not PRA, what do you recommend beside of API?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide