Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
899
Views
0
Helpful
4
Replies

Cisco ISE BYOD with mcafee and wsus

Marco Serato
Level 1
Level 1

‎11-12-2015 01:31 AM - edited ‎03-10-2019 11:14 PM

Hello,

we want to realize a BYOD strategie with use our mcafee and wsus infratructure.

I know that cisco ise can implement these server with a special licence.

Is there from cisco a whitepaper how to implement this BYOD strategie in LAN and WLAN?

What are the requirements (additional software on clients, supported operation systems, wsus and mcafee versions...)? How are treated unknown devices? Are supported android, blackberry, windows phones and apple os? Is pxe boot supported?

 

thanks for answer.

 

Marco

Labels:
0 Helpful
4 Replies 4

kurmai
Cisco Employee
Cisco Employee

‎11-12-2015 01:39 PM

Hi Marco,

The closest document I can find is following:

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/119214-configure-ise-00.html

The idea is that if you want to force BYOD devices (like windows tablets) to be compliant with your wsus requirement, the device must have a client installed that can perform the compliance check. The supported client for such purpose is Anyconnect, so you are essentially pushing Anyconnect to the BYOD devices in order to check if latest update is installed, mcafee is up to date etc. This feature (posture) requires advanced license on ISE. The document also contains further version requirement info.

Kurt

0 Helpful

Marco Serato
Level 1
Level 1
In response to kurmai

‎11-13-2015 07:16 AM

Many thanks Kurt.

Can AnyConnect check the system status (wsus and mcafee) also if the user doesn't establish a VPN connection (quasi passive)?
Our clients should connect to a lan or wlan without establishing a vpn connection. I have read about Cisco NAC Agent. Is this to recommend? Can 802.1X be a solution?
You posted a link for wsus implementation. Is there also a weblink for mcafee?

0 Helpful

kurmai
Cisco Employee
Cisco Employee
In response to Marco Serato

‎11-13-2015 08:04 AM

Anyconnect posture module (which checks for wsus/av compliance) is independent of the VPN module, so you can just push the posture module on its own. NAC Agent is a dated product and it's not covered in the document I found, so I'm not sure if it's supported for that scenario. I don't see any document specifically for mcafee integration, but ISE does have built-in posture requirements for mcafee as/av.

0 Helpful

Marco Serato
Level 1
Level 1
In response to kurmai

‎11-16-2015 07:57 AM

Many thanks. That sounds good.

Is there an official cisco dokument where I can find all features and maybe the requirements (License Terms, AV version, WSUS version, AnyConnect version...)?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents