12-16-2014 07:58 AM - edited 03-10-2019 10:16 PM
We have a customer who wants to implement Cisco ISE and one of their requests is to posture Linux endpoints in addition to Windows endpoints.
They have a set of system checks that they perform on Linux machines (catered towards RedHat) which they would like to be performed by ISE.
From what I know prior to researching for this request was that the NAC agent is only compatible with endpoints running Windows or Mac OSX.
Digging around, Linux endpoints are postured with a 'default-posture' status and thus an accompanying authorization profile must be set for 'default-posture'. I can't seem to find how to perform file checks, service checks, etc. on a Linux endpoint. Are these type of checks possible with Cisco ISE posture assessment on a Linux endpoint?
One item that I found is to use the Host Scan package within the AnyConnect Posture module on a Linux endpoint.
I see this as defeating the purpose of centralizing posturing on the ISE since the AnyConnect and ASA will be doing the posture checking.
Any thoughts? Thanks in advance.
12-18-2014 03:24 AM
Hello Alberto, posture assessment is not yet supported with ISE/AnyConnect. For more info check out the posture section in the ISE 1.3 Admin Guide:
Thank you for rating helpful posts!
12-18-2014 04:56 AM
There is no support on ISE for anyconnect posture for Linux
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide