cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5133
Views
10
Helpful
5
Replies

ISE posture for Palo ALto Globalprotect user

manvik
Level 3
Level 3

Have anyone got Globalprotect agent working with Cisco ISE posture module. ie when Remote VPN user connects via Globalprotect ISE posture module kicks and send posture info to Cisco ISE.

2 Accepted Solutions

Accepted Solutions

Mike.Cifelli
VIP Alumni
VIP Alumni

AFAIK this is not supported.  See the 'Compliance & Posture' section here for more details: Cisco ISE & NAC Resources - Cisco Community

HTH!

View solution in original post

thomas
Cisco Employee
Cisco Employee

ISE Posture Module only works on AnyConnect.

Your only other option would be to try ISE 3.0's new Agentless Posture capability.

See How To: Agentless Posture Configuration, validation & Troubleshooting

What's New in ISE 3.0 Webinar [YouTube]

17:02 Agentless Posture on Windows & macOS

21:20 Demo: Agentless Posture on Windows & macOS

View solution in original post

5 Replies 5

Hi @manvik 

 please take a look at:

Event Viewer > Application and Services Logs > Cisco AnyConnect ISE Posture Module

to check what triggers the ISE Posture Module:

 

Hope this helps !!!

Mike.Cifelli
VIP Alumni
VIP Alumni

I am not sure I fully understand your question.  Are you wanting ISE posture assessment to detect/check if globalprotect is in use AKA service is running or something along those lines? If you are hoping that the ISE posture module can integrate with another VPN client that will not work AFAIK.  I would suggest taking a look at the following for further guidance on Agent Considerations & how posture assessment works: https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273

HTH!

manvik
Level 3
Level 3

Thank you folks for the wonderful replies.

>>ISE posture assessment to detect/check if globalprotect is in use AKA service is running

No

 

I was checking whether ISE do can posture for a remote user who connects to corporate network via Globalprotect VPN.

 

 

Mike.Cifelli
VIP Alumni
VIP Alumni

AFAIK this is not supported.  See the 'Compliance & Posture' section here for more details: Cisco ISE & NAC Resources - Cisco Community

HTH!

thomas
Cisco Employee
Cisco Employee

ISE Posture Module only works on AnyConnect.

Your only other option would be to try ISE 3.0's new Agentless Posture capability.

See How To: Agentless Posture Configuration, validation & Troubleshooting

What's New in ISE 3.0 Webinar [YouTube]

17:02 Agentless Posture on Windows & macOS

21:20 Demo: Agentless Posture on Windows & macOS