Solved: Re: Cisco ISE Posture Policy not Updating on client.

joeharb · ‎11-13-2018

I created Posture Policy to for application Collection and to verify a process was running the machine. I have add a few more requirements to the original Policy but the client isn't checking for the new ones, only the original 2. Is this updated dynamically or do you simply have to create a new one...what if you want to remove a requirement?

Thanks

Joe

Surendra · ‎11-13-2018

Did you have posture lease configured by any chance on your ISE? IF yes, request you to delete the endpoint from the ISE and then try again.

View solution in original post

Jason Kunst · ‎11-13-2018

The client will only check on new authentication. Did you try doing a COA session termination to kick off a new request?

joeharb · ‎11-13-2018

I have rebooted/disabled the NIC, migrated from wired to wireless but it still only scans for "2" items.

Thanks,

Joe

Aravind Ravichandran · ‎11-13-2018

Hi Joe,

Are you able to see all the conditions in Posture detailed log?

If you have selected audit for some posture conditions, it won't show in scan summary on the anyconnect.

-Aravind

Surendra · ‎11-13-2018

Did you have posture lease configured by any chance on your ISE? IF yes, request you to delete the endpoint from the ISE and then try again.

joeharb · ‎11-14-2018

I have checked the posture report and it only shows the 2 requirements, all 4 of the ones are set to mandatory. Posture Lease is set for every time user connects to network.

Please advise,

Joe