Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1330
Views
0
Helpful
1
Replies

How AnyConnect UUID is made

jpoh
Cisco Employee
Cisco Employee

ā€Ž04-29-2019 03:21 AM

Hi Team,

customer is interested on posture lease feature where they can posture user once per day instead of every login. Saw below statement in tech zone.

"

  • To avoid re-posture at each session id change posture lease can be used. In this scenario information about posture status is stored in the endpoint attributes which stays on ISE even if session ID gets changed.

"

Is the end point attributes refer to AnyConnect UUID? If yes, how we do form this UUID? Can this UUID easily con by others to fool ISE? Customer is using master image for all new laptop. Does this mean all laptop will have same UUID for AC?

 

Appreciate and hope to get advise on UUID area. The InfoSec team of this customer don;t approve posture lease of 1 day as they think AC UUID can be con by others. Will be good if we have links or document that explain how we generate the UUID during installation.

 

Regards &

Have a nice day

0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

ā€Ž05-11-2019 05:01 PM

See UDID Integration

The endpoint attribute is PostureExpiry. IIRC, ISE uses UDID to query the endpoint for that attribute and verify whether it expires.

0 Helpful
Customers Also Viewed These Support Documents