
Does AnyConnect Posture re-scan endpoint just before remediation timer expires to see if it got remediated

Mike Masalla
Level 1

Hi ISE gurus,

I have ISE 1.3, P5 and am using AnyConnect 4.0 for dot1x and posture check.

The posture requirement is Antivirus Installation and Definition date for Windows endpoints and it was working fine until I changed Posture Requirement from Audit mode to Mandatory.

The endpoints that have out-of-date AV match the Remediation policy, which gives them permission to access the in-house AV server, and they do get the update, usually within 7 minutes from Remediation Timer kick-off, which I set to 10 minutes.

The issue is, the AC Agent does not re-scan to see if the endpoint got remediated, and the Remediation Timer expires, and the endpoint gets tagged as non-compliant until someone refreshes the network connection by AC Network Repair, or restarts the endpoint to force posture check.

I wonder if that is normal behaviour, or it's a bug in AC 4.0, or I am missing configuration here or there.

Appreciate your expertise

Mike

1 Reply

Jatin Katyal
Cisco Employee

When remediation is complete, all of the checks listed as required updates appear with a Done status and a green checkbox. Do we see the same? Also, can you generate the ISE posture logs from the endpoint and upload them here?

~Jatin