04-02-2018 02:16 AM
Hi,
When we use anti-virus remediation, I should put the destination server where the AV software goes to download the latest virus definitions on the permit list in the redirect ACL. Is there an effective way to find out which destination server I must permit to have definition remediation working? Do I have to do a packet capture during a definition update?
br,
Martin
04-02-2018 09:00 AM
Ask the vendor what their IPs are, but if it's in the cloud that is subject to change.
If you are using Cisco wireless you can open up the domain using URL DNS-based ACLs.
The easiest would be just to allow the internet in the pre-posture state. If you don’t like that, then you can integrate with WSA and have a policy shared with pxGrid for the non-compliant or pre-posture state that only allows certain internet sites.
04-02-2018 10:32 AM
The remediation server is often configured in the client. As part of a managed client, the settings are often set at the AV server / client security management app. It may also be part of the install build. In any case, the remediation server is often the IP of the client manager, unless it is generic AV support that relies on Internet updates. That option could be determined from direct logging as Jason suggested, or simply query the vendor (or Google) as to the FQDN of the Internet service. These can be tricky, as the actual IP can change if using a distributed cloud service. This is a case where domain-based ACLs may be required to avoid opening large blocks of potential IPs based on region.
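An added example, not part of the thread and not Cisco or AV vendor code: once DNS answers have been logged from a test client over several definition updates, this sketch separates destinations whose addresses stayed fixed (IP entries in the ACL are workable) from those whose addresses moved (domain-based ACLs are the safer fit). The host names, addresses and the three-column record layout are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: DNS answers seen from one test client during three
# separate definition updates -> (update run, queried name, answered address).
OBSERVATIONS = [
    (1, "avmgr.corp.example", "10.20.0.15"),
    (1, "defs.av-vendor.example", "192.0.2.10"),
    (1, "defs.av-vendor.example", "192.0.2.11"),
    (2, "avmgr.corp.example", "10.20.0.15"),
    (2, "defs.av-vendor.example", "198.51.100.7"),
    (3, "avmgr.corp.example", "10.20.0.15"),
    (3, "defs.av-vendor.example", "203.0.113.40"),
    (3, "defs.av-vendor.example", "192.0.2.10"),
]

def classify_destinations(observations):
    """Decide, per queried name, how it can be permitted in the ACL.

    static-ip    : every run returned the same address set
    domain-based : the address set changed between runs, IP entries would go stale
    unconfirmed  : seen in only one run, not enough data to call it stable
    """
    per_name = defaultdict(lambda: defaultdict(set))
    for run, name, ip in observations:
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        per_name[name.lower().rstrip(".")][run].add(ip)

    result = {}
    for name, runs in per_name.items():
        ip_sets = list(runs.values())
        if len(ip_sets) < 2:
            mode = "unconfirmed"
        elif all(s == ip_sets[0] for s in ip_sets):
            mode = "static-ip"
        else:
            mode = "domain-based"
        all_ips = sorted(set().union(*ip_sets), key=ipaddress.ip_address)
        result[name] = {"mode": mode, "ips_seen": all_ips, "runs": len(ip_sets)}
    return result

if __name__ == "__main__":
    for name, info in classify_destinations(OBSERVATIONS).items():
        print(f"{name}: {info['mode']} ({', '.join(info['ips_seen'])})")
```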