Cisco ISE - Posturing of a Linux Endpoint - Is it possible?

alberto.herrera117 · ‎12-16-2014

We have a customer who wants to implement Cisco ISE and one of their requests is to posture Linux endpoints in addition to Windows endpoints.

They have a set of system checks that they perform on Linux machines (catered towards RedHat) which they would like to be performed by ISE.

From what I know prior to researching for this request was that the NAC agent is only compatible with endpoints running Windows or Mac OSX.

Digging around, Linux endpoints are postured with a 'default-posture' status and thus an accompanying authorization profile must be set for 'default-posture'. I can't seem to find how to perform file checks, service checks, etc. on a Linux endpoint. Are these type of checks possible with Cisco ISE posture assessment on a Linux endpoint?

One item that I found is to use the Host Scan package within the AnyConnect Posture module on a Linux endpoint.

I see this as defeating the purpose of centralizing posturing on the ISE since the AnyConnect and ASA will be doing the posture checking.

Any thoughts? Thanks in advance.

nspasov · ‎12-18-2014

Hello Alberto, posture assessment is not yet supported with ISE/AnyConnect. For more info check out the posture section in the ISE 1.3 Admin Guide:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010111.html

Thank you for rating helpful posts!

Venkatesh Attuluri · ‎12-18-2014

There is no support on ISE for anyconnect  posture for Linux