
ISE 2.1 policy requirement

devarshi
Level 1

Hi,

We have a requirement where we need to prevent any non-domain device from connecting to a specific SSID. Below is the current scenario for which we need to provide a solution:

1) Only user-based authentication should be there

2) Personal mobile devices as well as machines should not be able to connect to this SSID

3) AD groups are not in place so segregation is not possible based on devices

A few options that could be possible, according to me:

a) Logical profiles - Where I can mention only the corporate workstations' OS to be allowed and then call this profile in the authorization policy

b) AD profile - Since AD profiling can provide OS information, maybe create a custom profiling condition and respective policy and then call it in the authorization policy. Not sure about the performance impact on AD in this case

Any inputs appreciated. Thank you!

1 Reply

Marvin Rhoads
Hall of Fame

What license level do you have?

With ISE Apex + AnyConnect Apex you could use a posture policy that checks for a registry key indicating domain membership.
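Before writing a registry-based posture condition like the one suggested above, it helps to confirm on a known domain-joined workstation what the registry actually holds. The following PowerShell is an added example, not part of the reply or of any Cisco documentation. The thread does not name a key, so the `Tcpip\Parameters` `Domain` value and the domain name `corp.example.com` are assumptions to replace with your own.

```powershell
# Added example. The key path and expected domain are assumptions, not values from the thread.
$ExpectedDomain = 'corp.example.com'   # placeholder: your AD DNS domain name

# Location where Windows stores the machine's primary DNS domain (assumed check target).
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-DomainMembershipEvidence {
    param(
        [Parameter(Mandatory)] [string] $Expected
    )

    # Registry view: what a registry-based posture condition would evaluate.
    $reg = Get-ItemProperty -Path $KeyPath -ErrorAction Stop

    # OS view: what Windows itself reports about domain membership.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        RegistryDomain   = $reg.Domain
        RegistryNVDomain = $reg.'NV Domain'
        CimPartOfDomain  = $cs.PartOfDomain
        CimDomain        = $cs.Domain
        # True when the registry value equals the domain the posture condition will expect.
        RegistryMatches  = ($reg.Domain -ieq $Expected)
        # True when the registry value and the OS-reported membership agree.
        SourcesAgree     = ($cs.PartOfDomain -and ($reg.Domain -ieq $cs.Domain))
    }
}

# Run on one domain-joined and one non-domain machine and compare the output.
Get-DomainMembershipEvidence -Expected $ExpectedDomain | Format-List
```

If `RegistryMatches` is true on a machine where `CimPartOfDomain` is false, the registry value alone does not distinguish corporate devices in your environment, and the posture condition needs a different or additional check.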
