Cisco ISE 2.4 Posture Client Version/OS Control

awatson20 · ‎01-07-2021

With ISE 2.4, is it possible to perform posture assessment for BYOD and Guest clients where the condition involves checking the browser version or OS version to ensure compliance? Is the Anyconnect agent required for the posturing?

pavagupt · ‎01-07-2021

Posture supports Windows and macOS operating systems. As long as BYOD and Guest devices are operating on these OS, it is possible for you to assess posture of the devices. Refer to Posture perspective deployment Guide for more details on different options.

if you don't want AnyConnect persistent agent to be installed, you could make use of AnyConnect temporal agent. But has limitation on supported posture checks. Refer to 2.4 admin posture guide

awatson20 · ‎01-08-2021

Can you elaborate on what this means?

Set Posture Status for Nonagent Devices

You can configure the posture status of endpoints that run on non-agent devices like Linux or iDevices. When Android devices and Apple devices such as an iPod, iPhone, or iPad connect to a Cisco ISE enabled network, these devices assume the Default Posture Status settings.

pavagupt · ‎01-08-2021

For non-supported devices like iPod, iPhone going through posture, ISE gives access based on the Administration > System > Settings > Posture > General Settings > Default Posture Status settings. i.e if it is set to Compliant, non-supported devices gets compliant access.