Has anyone created a dACL for BeyondTrust Remote Support when machines are in a non-compliant status? By non-compliant, I'm referring to machine authentication only with either failed user login or no user login.
This is extremely challenging to do using a dACL for SaaS products since IPs and domain names can change constantly. I would recommending allowing internet access within the dACL and controlling access via an edge firewall instead. You can integrate said firewall with ISE via pxGrid for user/tag data and control access based on application groups with an NGFW.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
