03-02-2020 04:32 AM
Hi Experts,
I am using ISE 2.2.0.470 with patch 16
I have created a few profiling policies to segregate laptops, and then called them in logical profile as corporate laptops.
Using this logical profile I want to run a few posture policies only for laptops.
But, now I am stuck, as I am not able to call this logical profile inside my posture policy.
I can see that there is something called as NAC_Profiler, is that similar to endpoint groups or logical profiles?
If calling logical profiles is not possible then, is it possible to move the endpoint groups that are created by profiling policies to under some other parent groups, such as Registered endpoints, as I can see that is populating in posture policy here:
Is this something which is limited by the design or there is any workaround that I should be looking at?
03-02-2020 10:21 AM
03-02-2020 09:47 PM
I am under the other conditions in posture polices, but the endpoints is not listed here...
As here the endpoints is not visible under it, where as its listed under authorization policies.
Now the question is, is this something that is supported in this version of ISE?
03-03-2020 05:57 AM
03-03-2020 02:23 PM
ISE 2.2 does not support those matching conditions in Posture or Client Provisioning Policies. The ability to match on these conditions was not added until ISE 2.3+ as per the Release Notes.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: