Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3788
Views
5
Helpful
6
Replies

ISE anyconnect posture for MACOS

Go to solution
Qingguo Zhang
Cisco Employee
Cisco Employee

‎11-20-2018 05:45 PM

Sorry for wide distribution.

 

My customer plan to check if MACOS main version 10.x.x is up-to-date in ISE posture policy  with anyconnect installed on client.

 

is it done by Patch Management condition in ISE ?  for examples I can see vendor is Apple and agent is software update 1.x 2.x 3.x . how is it relevant to MACOS main version?

If I using other vendor condition like JAMF ot other tool etc ,  is it possible to check if MACOS is up-to-date ?

 

Which one is mostly used to check MacOS is up-to-date ?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee
In response to Qingguo Zhang

‎11-26-2018 06:59 AM

It seems I didn't understand the initial question.  ISE posture can check to see if patch management software is installed on MAC OS X but unfortunately cannot check to see if it is up to date.  That is a Windows only feature currently.  Are you trying to determine if MAC OS is version 10.X.X instead of 10.X?  If that is the case, you can use a file check condition to check SystemVersion.plist file for the ProductVersion value.  It will tell you whether the OS version is, for example, 10.14 or 10.14.1

 

Regards,

-Tim

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎11-21-2018 06:38 AM

You can use either ISE posture or MDM to detect that information.  It really is a matter of personal preference.

 

Regards,

-Tim

0 Helpful

Go to solution
Qingguo Zhang
Cisco Employee
Cisco Employee
In response to Timothy Abbott

‎11-21-2018 07:28 AM

Thanks Tim for your answer.

 

Just to check if ISE below posture condition is correct to detect MACOS OS info and up-to-date ?  Version 1.x 2.x 3.x is used in different MACOS ?

 

Screen Shot 2018-11-21 at 11.14.57 PM.png

 

 

0 Helpful

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee
In response to Qingguo Zhang

‎11-21-2018 09:18 AM

Yes, each of those are for different versions of MAC OS X.  You will need to select the version appropriate for MAC OS you are using.

 

Regards,

-Tim

Go to solution
Qingguo Zhang
Cisco Employee
Cisco Employee
In response to Timothy Abbott

‎11-21-2018 07:21 PM

When I select up-to-date , all agent software update are  grey and invalid ,   the condition cannot be saved.  

 

is it not supported or some issue ?

0 Helpful

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee
In response to Qingguo Zhang

‎11-26-2018 06:59 AM

It seems I didn't understand the initial question.  ISE posture can check to see if patch management software is installed on MAC OS X but unfortunately cannot check to see if it is up to date.  That is a Windows only feature currently.  Are you trying to determine if MAC OS is version 10.X.X instead of 10.X?  If that is the case, you can use a file check condition to check SystemVersion.plist file for the ProductVersion value.  It will tell you whether the OS version is, for example, 10.14 or 10.14.1

 

Regards,

-Tim

0 Helpful

Go to solution
Qingguo Zhang
Cisco Employee
Cisco Employee
In response to Timothy Abbott

‎12-20-2018 07:57 AM

ISE does NOT communicate to Patch Manager directly ,  ISE believe anyconnect to get information from update client.   this is also same for AV/AS check,  is it correct ?

0 Helpful
Customers Also Viewed These Support Documents