Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
942
Views
0
Helpful
4
Replies

ISE Posture Feed Service

ryans2
Cisco Employee
Cisco Employee

‎10-03-2018 05:47 AM

I have a customer currently running ISE 2.2 patch 9 in an AnyConnect VPN Solution that used ISE Posturing.  They have recently started to look to deploy the latest version of OS X (10.14) and it has been discovered that 10.14 is not in their list for OS X versions.  It has also been discovered now that they have not updated their posture in ISE using the posture feed service or update function since January.  They have some concerns and questions now over utilizing this service to update their posture in ISE. I was wondering if anyone may be able to assist in answering the questions below.

 

 

The first one is there a way to see the difference in the versions that get applied? The customer hasn’t updated using service since January and would like to know the differences in versions.

 

The next one is if they apply the updated versions and they experience any issues is there a way to roll it back or should this even be a concern?  They have concern that if an issue is introduced if there is a way to back out.

 

Finally they would like to know if there is a best practice on whether to set the service as manual or automatic and if automatic how often should the service look to update?

 

Thank you in advance for any assistance.

0 Helpful
4 Replies 4

Aravind Ravichandran
Level 3
Level 3

‎10-03-2018 09:08 AM

Hi,

First of all, both the offline update & automatic update will be having same file.

offline update can be used where If ISE does not have Internet access or not allowed due to security policy.

 

The following software elements are available at posture feed:

– Cisco predefined checks and rules

– Windows and Mac OS X AV/AS support charts

– Cisco ISE operating system support

 

For automatic update,you can keep default value(every 2 hours)

 

 

-Aravind
0 Helpful

ryans2
Cisco Employee
Cisco Employee
In response to Aravind Ravichandran

‎10-03-2018 02:33 PM

Thank you Aravind for the response.

 

After speaking with the customer some more their concern is more towards if there is any roll back procedure for in the event there is an issue introduced from an update.  They also want to know if there is anything public facing that would be equivalent of release notes but for any updates that do come out.

0 Helpful

Jason Kunst
Cisco Employee
Cisco Employee
In response to ryans2

‎10-03-2018 04:02 PM

No there is nothing like this. Would recommend reaching out to the product management team through the sales Chanel.
0 Helpful

Aravind Ravichandran
Level 3
Level 3
In response to ryans2

‎10-10-2018 12:37 PM

Roll back is not applicable in this case, as it will be having support chart and version of the software’s.

-Aravind
0 Helpful
Customers Also Viewed These Support Documents