05-16-2024 09:52 AM - edited 05-16-2024 10:02 AM
Good afternoon,
Does anyone know of a way to configure a timeout or time limit for an endpoint to be in a Pending or Posture Unknown state?
We are concerned about credential theft and unauthorized devices remaining in this state with access.
Thank you
05-16-2024 05:16 PM
I suppose you could start with returning a Session-Timeout in your ISE Authorization Profile. When that timer expires, then the client will be re-auth'd and then it will be re-assessed. I am not experienced with Posture flow, but how would you like to handle endpoints that exceed their allotted time during posture assessment?
The Posturing Prescriptive Guide might have some insights.
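An added example, not part of the reply above and not Cisco's code: a check that a captured RADIUS Access-Accept actually carries the Session-Timeout (attribute 27) and Termination-Action (attribute 29, value 1 = RADIUS-Request) that make the switch re-authenticate the client. The function names, the zeroed authenticator and the sample packet builder are assumptions constructed for illustration.

```python
import struct

SESSION_TIMEOUT = 27     # RFC 2865 attribute type, 32-bit seconds
TERMINATION_ACTION = 29  # RFC 2865 attribute type, 1 = RADIUS-Request

def build_access_accept(attrs, ident=1):
    """Build a constructed Access-Accept (code 2) as sample input; authenticator zeroed."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 2, ident, 20 + len(body)) + bytes(16) + body

def parse_attributes(packet):
    """Return (code, {type: [raw values]}), rejecting malformed length fields."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs

def check_time_limit(packet, max_seconds):
    """Report whether the Access-Accept bounds the session and requests re-auth."""
    code, attrs = parse_attributes(packet)
    if code != 2:
        return "not an Access-Accept"
    raw = attrs.get(SESSION_TIMEOUT, [None])[0]
    if raw is None or len(raw) != 4:
        return "no Session-Timeout: session is not time-limited"
    timeout = struct.unpack("!I", raw)[0]
    if timeout > max_seconds:
        return f"Session-Timeout {timeout}s exceeds limit {max_seconds}s"
    action = attrs.get(TERMINATION_ACTION, [None])[0]
    if action != struct.pack("!I", 1):
        return f"Session-Timeout {timeout}s, Termination-Action is not RADIUS-Request"
    return f"ok: re-auth after {timeout}s"
```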
05-16-2024 06:18 PM
I haven't played around with these settings, but you can try
Administration > Settings > Posture > General Settings:
There is a continuous monitoring setting, which basically states how frequently AnyConnect will send a status update to ISE.
If the posture state changes to Unknown, your policy should be such that it pushes a different authorization profile to the endpoint and limits their access to only the resources required to become compliant.
You can read more under "posture general setting" here