Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1234
Views
0
Helpful
3
Replies

Cisco ISE Posture

Drthrax
Level 1
Level 1

‎03-08-2020 12:30 AM

Hello Everyone , 

I am deploying Cisco ISE with a lot of confusion ,

I have some questions please :

1- Do we have to have 802.1x to deploy ISE posture ? 

2- Am I obliged to create a profile and copy it to the user's PC ( usually in programdata/Cisco/ISEposture 

3- Is there a way to create ISE posture without having to do anything on the client side beside downloading Cisco anyconnect + ISE posture module ?

4- Can someone please explain the concept behind URL redirection and what alternative methods we have for posturing 

5- I see that I have no server detected while deploying can someone state what could be the reasons behind this 

I am very eager to know the answer to these questions 

thank you a lot in advance ! 

 

0 Helpful
3 Replies 3

pavagupt
Cisco Employee
Cisco Employee

‎03-08-2020 11:50 AM

Hello

You could use ISE posture service in your network in below ways..
1. for checking compliant policies on user devices — an agent would be deployed to check for posture compliance whenever devices connects to network.
               a. If 802.1x is deployed in enterprise
               b. Easyconnect + Posture service — for open network cases.
2. for checking compliance of guest devices showing up in your network with the help of temporal agent — usually deployed on open networks/MAB.

As long as your endpoint is compatible with any connect, you could deploy Cisco anyconnect .. please follow this video series  for posture configuration Or  Posture-deployment guide. 

Once you go through above, i hope you will get a good understanding.

0 Helpful

thomas
Cisco Employee
Cisco Employee

‎03-10-2020 08:06 AM

> Do we have to have 802.1x to deploy ISE posture ?

You can use it via VPN so 802.1X is not required. Ultimately, 802.1X with RADIUS is how you control the session authorization with wired and wireless.

 

See the ISE Posture Prescriptive Deployment Guide and YouTube Posture Configuration Video Series for answers to your other questions and many more.

0 Helpful

Drthrax
Level 1
Level 1
In response to thomas

‎03-10-2020 08:14 AM

Hi ,
thank you for your reply,
As I already reviewed the document , My only problem here is that I am obliged to install the PostureprofileCFG on the endpoint otherwise it will not work , I don't get how to let ISE install the profile directly on the endpoint .
P.S : I am using posture on anyconnect VPN users via ASA.
If I don't install the profile manually on the device I always get no policy server
thanks
0 Helpful
Customers Also Viewed These Support Documents