cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

675
Views
10
Helpful
5
Replies
CE07
Beginner

ISE posture for Palo ALto Globalprotect user

Have anyone got Globalprotect agent working with Cisco ISE posture module. ie when Remote VPN user connects via Globalprotect ISE posture module kicks and send posture info to Cisco ISE.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Mike.Cifelli
VIP Advocate

AFAIK this is not supported.  See the 'Compliance & Posture' section here for more details: Cisco ISE & NAC Resources - Cisco Community

HTH!

View solution in original post

thomas
Cisco Employee

ISE Posture Module only works on AnyConnect.

Your only other option would be to try ISE 3.0's new Agentless Posture capability.

See How To: Agentless Posture Configuration, validation & Troubleshooting

What's New in ISE 3.0 Webinar [YouTube]

17:02 Agentless Posture on Windows & macOS

21:20 Demo: Agentless Posture on Windows & macOS

View solution in original post

5 REPLIES 5
Marcelo Morais
Advocate

Hi @CE07 

 please take a look at:

Event Viewer > Application and Services Logs > Cisco AnyConnect ISE Posture Module

to check what triggers the ISE Posture Module:

 

Hope this helps !!!

Mike.Cifelli
VIP Advocate

I am not sure I fully understand your question.  Are you wanting ISE posture assessment to detect/check if globalprotect is in use AKA service is running or something along those lines? If you are hoping that the ISE posture module can integrate with another VPN client that will not work AFAIK.  I would suggest taking a look at the following for further guidance on Agent Considerations & how posture assessment works: https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273

HTH!

CE07
Beginner

Thank you folks for the wonderful replies.

>>ISE posture assessment to detect/check if globalprotect is in use AKA service is running

No

 

I was checking whether ISE do can posture for a remote user who connects to corporate network via Globalprotect VPN.

 

 

Mike.Cifelli
VIP Advocate

AFAIK this is not supported.  See the 'Compliance & Posture' section here for more details: Cisco ISE & NAC Resources - Cisco Community

HTH!

View solution in original post

thomas
Cisco Employee

ISE Posture Module only works on AnyConnect.

Your only other option would be to try ISE 3.0's new Agentless Posture capability.

See How To: Agentless Posture Configuration, validation & Troubleshooting

What's New in ISE 3.0 Webinar [YouTube]

17:02 Agentless Posture on Windows & macOS

21:20 Demo: Agentless Posture on Windows & macOS

View solution in original post

Content for Community-Ad