Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1923
Views
20
Helpful
3
Replies

Compliance module 3.x and 4.x question

Go to solution
AIN UL BADAR
Level 4
Level 4

‎02-04-2019 04:38 PM

Hello folks,

I ran into an issue where I'm checking for the latest/up-to-date windows patches using BMC Software Patch Management (Policy > Policy Elements > Condition > Patch Mgmt Condition) and latest Symantec Anti-Virus definitions ((Policy > Policy Elements > Condition > Anti-Virus Condition).

The problem is, patch management works with Compliance Module 4.x and Anti-Virus works with 3.x.

Question is:

[1] Do I have to create two separate AnyConnect Configuration files for Posture?

[2] I'm also deploying AnyConnect and Posture Modules throughout our organization, do I have to bundle both 3.x and 4.x version together with AnyConnect Client software and then deploy it on all the endpoints?

I'm just confused, how two different versions of Compliance modules will run together for different purposes (Patch management and AV).

Thank you

Ain

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pan
Cisco Employee
Cisco Employee

‎02-04-2019 09:15 PM

You have to use either 3.x or 4.x for your network.

 

anyconnect complaince module.png

 

If you are using 4.x then for antivirus you need to use antimalware condition

If you are using 3x. then you need to use antivirus condition.

 

Check below link (End-of-Life Dates for Legacy AnyConnect ISE Compliance Module 3.6.x.x and Earlier)

https://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/bulletin-c25-739603.html

View solution in original post

3 Replies 3

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎02-04-2019 08:42 PM

Hi

You need to convert your AV compliance condition and requirement from 3.x version to anti malware which is AV check in version 4.x.
Then you deploy only version 4.x
You can't have both versions at the same time.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
pan
Cisco Employee
Cisco Employee

‎02-04-2019 09:15 PM

You have to use either 3.x or 4.x for your network.

 

anyconnect complaince module.png

 

If you are using 4.x then for antivirus you need to use antimalware condition

If you are using 3x. then you need to use antivirus condition.

 

Check below link (End-of-Life Dates for Legacy AnyConnect ISE Compliance Module 3.6.x.x and Earlier)

https://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/bulletin-c25-739603.html

Go to solution
AIN UL BADAR
Level 4
Level 4
In response to pan

‎02-05-2019 11:21 AM

Thank you sir for helping me out. Appreciate it.

Ain

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents