10-09-2019 12:02 AM - edited 02-21-2020 11:10 AM
Hi All,
Is there a way to identify a corporate MacOS machine vs a non-corporate MacOS machine? We are using ISE as the RADIUS server for our VPN, wired and wireless connections, with login using username. We wanted to limit the clients to only use MacOS machines provided by the company and not allow connections from non-corporate MacOS machines.
10-09-2019 05:39 AM
10-25-2019 03:38 AM
@Mike.Cifelli wrote:
A couple of options to accomplish your goal:
- You could deploy specific VPN profiles with unique tunnel group names and do a match in your client provisioning policy utilizing Cisco-VPN3000:CVPN3000/ASA/PIX7x-Tunnel-Group-Name EQUALS <your tunnel group name>.
- Determine a piece of corporate software that you could set up a posture check on to determine that the host is truly a corporate machine.
- Utilize other conditions in the client provisioning policy that do a check against your identity source to determine if it is truly a corporate asset.
I would recommend thinking about how your corporate machines are unique and how you can determine that they are unique & truly your asset. Good luck & HTH!
Right, unlike Windows, this information is not available as a machine auth or user auth. Perhaps you can deploy JAMF? Or EAP-TLS only for corporate machines to use certificate auth, and non-corporate only allowed to use user/password?