cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1225
Views
6
Helpful
2
Replies

Dynamic Posture Scan

nikhilcherian
Level 5
Level 5

Dear All,

Is there way to check dynamically the posture status in the client using anyconnect. For eg:- my client before connecting to the network undergoes a posture check.Say I have AV check, which was a success. After the authentication is completed & the PC is connected to the network, user can disable the AV in the PC, which is not a fair thing ( if the user have managed AV, it is not a big concern, but in many places I have seen un-managed AV)

In this case, can the anyconnect alert the ISE, if there is a change in the Posture conditions or is the only option to go with Periodic re-assessments

Regards

Nikhil

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee

In ise 2.2 with AnyConnect 4.4 the application service check is updated periodically for compliance visibility but checks for rememdation rely on PRA

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/210514-ISE-2-2-Client-Provisioning-and-Applicat.html

The only dynamic check is USB check

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect43/administration/guide/b_AnyConnect_Administrator_Guide_4-3/configure-posture.html#id_24158

Sent from my iPhone

View solution in original post