Cisco ISE Posture Re-Check

MohamedBenHmida
Level 1

I have deployed a Cisco ISE Posture solution. After completing all the required steps, I found that the Posture check works only when a user disconnects and starts a new session (Windows user in my case). I just want to ask for any solution to make the Cisco AnyConnect send periodic posture check information independently of the user session, because most of our users lock their screen without disconnecting from their session (Windows + L).

 

4 Replies

Mike.Cifelli
VIP Alumni

"I just want to ask for any solution to make the Cisco AnyConnect send periodic posture check information independently of the user session"

-Please see the section "Periodic Reassessments" found here: ISE Posture Prescriptive Deployment Guide - Cisco Community

I did configure a Periodic Reassessment and it sends a periodic Posture Report every 1 hour, but the Posture Compliance sent by the PRA is not the result of a new Posture Check. For example, for an authenticated and compliant user who is connected and has an active session, I've changed the Posture condition just to make it NonCompliant using the PRA, but the PRA always sends the compliance of the first check; it did not change dynamically. It is like there's no re-check of compliance: the PRA just sends the same report as the first access of the user to the network.

Mike.Cifelli
VIP Alumni

Totally understand your concern here now. Just to give you an overview of some events that will trigger probe discovery:

-User login

-Power Events

-Interface changes

-Default GW change

-OS resume after being asleep

-Initiate fresh posture installation

-Fresh 802.1x authentication

Try taking a peek at your global posture settings to see if you could potentially tweak something there to meet your desire/needs.

MohamedBenHmida
Level 1

Thank you for your reply, Mike. So I can understand from you that practically there's no real automatic update of compliance; a trigger event has to occur for a new check to take effect.

In my situation, I don't think the ISE posture will answer my company's needs, because we have around 500 users always connected to the network.