Solved: Re: Cisco ISE Agentless Posture Remediation limitations

laurathaqi · ‎05-24-2021

Dear community,

Based on documentation and GUI, Cisco ISE 3.0 Agentless Posture does not allow Requirement Remediation Actions to be selected when creating the Requirement Policy. So I was thinking the following: If user gets Postured and does not fulfill the Policy requirements, place it into a specific VLAN and show a notification what is missing.

My doubts are in regards the notification part. How can I achieve that in regards the endpoint.

Any thoughts or suggestions would be highly appreciated.

Thank you,

Laura

thomas · ‎06-01-2021

You would need to setup an Authorization Profile that does a URL redirect to a web server with a page that describes problem. This assumes that the endpoint 1) has a user and 2) the user tries to open a web browser to get redirected.

This is exactly why agentless posture is recommended only for Visibility.

For Remediation capabilities and user Messaging please use AnyConnect.

View solution in original post

thomas · ‎06-01-2021

You would need to setup an Authorization Profile that does a URL redirect to a web server with a page that describes problem. This assumes that the endpoint 1) has a user and 2) the user tries to open a web browser to get redirected.

This is exactly why agentless posture is recommended only for Visibility.

For Remediation capabilities and user Messaging please use AnyConnect.

KelvinT · ‎06-10-2021

Hi and thanks.

Any idea if Cisco plan on adding this feature in future release?