Solved: Re: Is it possible to check windows 7 client health?

skec.cv9221 · ‎07-19-2017

Hello,

We are planning to deploy Cisco ISE to vlan assignment by MAC authentication.

But we also would like to assign vlan by windows client's health status.

We already have client health(virus engine, required programs) check program for NAP/NPS and We are using it in HQ.

Is it possible to use client health information for Cisco ISE?

(We can customize our client health check program if there are things like SDK for Cisco ISE. )

Thank you!

hariholla · ‎07-20-2017

Yes, we can assess the client's health (Anti-virus software / signatures, required programs / files) and control access to them. You'll need the Cisco AnyConnect agent to be able to do this. Details here:

Cisco Identity Services Engine Administrator Guide, Release 2.2 - Configure Client Posture Policies [Cisco Identity Ser…

Microsoft NAP/NPS is End-of-Life and if you still want to use it, then you can proxy ISE to the microsoft services, such that the compliance status can be shared with ISE for authorization.

Cheers!

-Hari

View solution in original post

hariholla · ‎07-20-2017

Yes, we can assess the client's health (Anti-virus software / signatures, required programs / files) and control access to them. You'll need the Cisco AnyConnect agent to be able to do this. Details here:

Cisco Identity Services Engine Administrator Guide, Release 2.2 - Configure Client Posture Policies [Cisco Identity Ser…

Microsoft NAP/NPS is End-of-Life and if you still want to use it, then you can proxy ISE to the microsoft services, such that the compliance status can be shared with ISE for authorization.

Cheers!

-Hari

skec.cv9221 · ‎07-20-2017

Thank you for your reply!

I'll have a look for it.

Thank you.