10-23-2017 09:16 AM
Hi Folks,
I'm looking for some help again.
During deployment we found some users are running VM hosts NATed behind their physical host, and it seems ISE cannot detect it.
Is there a way to block this kind of use case? I remember Forescout can detect NATed devices with TTL.
Does ISE have this feature?
thank you.
10-23-2017 10:10 AM
The Forescout model is interesting (https://www.forescout.com/wp-content/uploads/2015/12/ForeScout-CounterACT-Network-Address-Translation-NAT-Detection-Tech-Note.pdf) but seems pretty difficult to scale since it appears to require an appliance and a SPAN port to implement the TTL technique you are describing.
You may be able to accomplish what you are looking for by using ISE posture and Application Condition Settings (https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_0100000.html#id_38954) to detect if any hypervisors are running on the client (i.e. VMware, VirtualBox) and fail posture if they are running.
George
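To make the TTL technique mentioned above concrete, here is an added example (not Forescout's, Cisco's or this poster's code) of the kind of passive heuristic a SPAN-port sensor can apply. It assumes the sensor sits on the same L2 segment as the endpoints, so a directly attached host arrives with its OS default initial TTL (64, 128 or 255) and anything routed through a NAT on the endpoint arrives one hop lower, possibly with a different OS default mixed in. The packet records are constructed for the example; in practice they would be pulled from a capture.

```python
"""
Passive TTL-based NAT detection heuristic (illustrative example, not vendor code).

Each OS family uses a fixed initial TTL (64 for Linux/macOS, 128 for Windows,
255 for some network gear). With the sensor on the access segment, a host
talking directly should show TTL == its OS default (0 hops). A laptop that
NATs guest VMs forwards their packets and decrements the TTL once, so the
same source IP shows TTLs one below a default, often from several OS families.
"""
from collections import defaultdict

INITIAL_TTLS = (64, 128, 255)  # common OS default initial TTLs


def infer_initial_ttl(ttl):
    """Guess which OS default TTL a packet started from (smallest default >= ttl)."""
    for init in INITIAL_TTLS:
        if ttl <= init:
            return init
    return 255


def hops_from_ttl(ttl):
    """Number of routing hops implied by the observed TTL."""
    return infer_initial_ttl(ttl) - ttl


def analyze(records, expected_hops=0):
    """Flag source IPs whose TTL pattern suggests a NAT in front of other hosts.

    records: iterable of (src_ip, observed_ttl) pairs.
    expected_hops: hops between the endpoints and the sensor (0 on the same segment).
    Returns {ip: {"ttls": [...], "suspect_nat": bool, "reasons": [...]}}.
    """
    seen = defaultdict(set)
    for ip, ttl in records:
        seen[ip].add(ttl)

    findings = {}
    for ip, ttls in seen.items():
        reasons = []
        # A single real host keeps one initial TTL; mixed values hint at guests behind it.
        if len(ttls) > 1:
            reasons.append("multiple TTL values observed: %s" % sorted(ttls))
        # Packets that travelled farther than the sensor's distance passed an extra router/NAT.
        extra = sorted({hops_from_ttl(t) for t in ttls if hops_from_ttl(t) > expected_hops})
        if extra:
            reasons.append("hop counts %s exceed expected %d" % (extra, expected_hops))
        findings[ip] = {"ttls": sorted(ttls), "suspect_nat": bool(reasons), "reasons": reasons}
    return findings


# Constructed sample traffic: (source IP, TTL as seen at the sensor).
SAMPLE_RECORDS = [
    ("10.1.1.10", 128),  # Windows desktop, direct
    ("10.1.1.10", 128),
    ("10.1.1.20", 64),   # Linux workstation, direct
    ("10.1.1.30", 128),  # Windows laptop's own traffic
    ("10.1.1.30", 63),   # Linux guest VM NATed through the laptop (64 - 1)
    ("10.1.1.30", 127),  # Windows guest VM NATed through the laptop (128 - 1)
]

if __name__ == "__main__":
    for ip, result in analyze(SAMPLE_RECORDS).items():
        status = "SUSPECT NAT" if result["suspect_nat"] else "ok"
        print(ip, status, result["ttls"], "; ".join(result["reasons"]))
```

The heuristic only works when the sensor's distance from the endpoints is known and stable, and a guest running the same OS as its host with a hypervisor in bridged mode produces no TTL anomaly at all, which is why the posture-based hypervisor check is the more reliable control on managed endpoints.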
10-23-2017 11:17 AM
Thanks, George.
Some users are using hypervisors without a network connection, which is allowed,
so it is really difficult to detect.
10-23-2017 12:30 PM
If those users are an exception, maybe they can be identified by an AD or LDAP group and have a different posture policy?