Solved: Re: Dynamic Posture Scan

nikhilcherian · ‎05-13-2017

Dear All,

Is there way to check dynamically the posture status in the client using anyconnect. For eg:- my client before connecting to the network undergoes a posture check.Say I have AV check, which was a success. After the authentication is completed & the PC is connected to the network, user can disable the AV in the PC, which is not a fair thing ( if the user have managed AV, it is not a big concern, but in many places I have seen un-managed AV)

In this case, can the anyconnect alert the ISE, if there is a change in the Posture conditions or is the only option to go with Periodic re-assessments

Regards

Nikhil

Jason Kunst · ‎05-13-2017

In ise 2.2 with AnyConnect 4.4 the application service check is updated periodically for compliance visibility but checks for rememdation rely on PRA

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/210514-ISE-2-2-Client-Provisioning-and-Applicat.html

The only dynamic check is USB check

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect43/administration/guide/b_AnyConnect_Administrator_Guide_4-3/configure-posture.html#id_24158

Sent from my iPhone

View solution in original post

Jason Kunst · ‎05-13-2017