Solved: ISE Posture Auto-Remediation

Rob4 · ‎09-06-2019

Quick Question about Posture Auto-Remediation for AM Definition updates - will the auto-remediation occur during the unknown posture status or non-compliant?? In my testing it appears to "update" during the posturing process and happens during the unknown status. Is this expected?

Thanks

Colby LeMaire · ‎09-06-2019

Yes, that is how it works. You would need to ensure that you allow the connectivity in your redirect ACL and any other ACL's that are applied while in the Posture Unknown state. Non-compliant is for those devices that are given time to remediate but are not able to within the time allowed by the policy. For example, a case where the AM updates don't work due to connectivity issue or something else. Then that device would be considered non-compliant.

View solution in original post

Colby LeMaire · ‎09-06-2019

Yes, that is how it works. You would need to ensure that you allow the connectivity in your redirect ACL and any other ACL's that are applied while in the Posture Unknown state. Non-compliant is for those devices that are given time to remediate but are not able to within the time allowed by the policy. For example, a case where the AM updates don't work due to connectivity issue or something else. Then that device would be considered non-compliant.

Rob4 · ‎09-09-2019

Thanks so much, that makes sense.