Solved: ISE Posture Questions

vmuhtaro · ‎01-08-2020

Hi team,

We are doing ISE PoV in the customer side, the customer has some questions about posture side.

1 - AnyConnect Posture Message Change

Can we change the Anyconnect System Scan message shown below.

Can we see the reason of why the Posture fail. (For example because of XX Rule )

2- ISE Postue Requirments

When we check the requirment on the ISE, if we select only 1 requirement, we can not change the Section below.

While it is selected only one condition it is not working for the way that we want. For exampe; we want to check the version of an application.

İf I select only one condition, it check the application and pop up the remediation action text message up. (it should check the software, it it not working, then it should pop up the remediation action)

3- Can we get mail notification from the ISE if the any client PC fail on posture check?

4- ISE Posture Check Skip the conditions - The customer wants to check 5 different conditions in a policy and if one of them fails, ISE does not check the rest of them. Is this behavior changeable?

Thank you

Mike.Cifelli · ‎01-09-2020

1 - AnyConnect Posture Message Change

-AKAIK you cannot change these. There are several phrases you may see depending on the situation. As far as viewing scan results you can see this via Anyconnect on the local system. Anyconnect settings wheel (bottom left)->System Scan->Scan Summary tab.

2- ISE Postue Requirments

-I would check how you have built out your condition to ensure the criteria is accurate.

3- Can we get mail notification from the ISE if the any client PC fail on posture check?

-You can setup reports on either Posture assessments by (endpoint/condition). One thing that I have done in the past is setup reports to export to a linux repo, setup a cronjob to email the report to desired personnel.

4- ISE Posture Check Skip the conditions - The customer wants to check 5 different conditions in a policy and if one of them fails, ISE does not check the rest of them. Is this behavior changeable?

-AKAIK ISE will run through all conditions that you have setup to perform posture assessment on based on the conditions setup.

View solution in original post

Mike.Cifelli · ‎01-09-2020

1 - AnyConnect Posture Message Change

-AKAIK you cannot change these. There are several phrases you may see depending on the situation. As far as viewing scan results you can see this via Anyconnect on the local system. Anyconnect settings wheel (bottom left)->System Scan->Scan Summary tab.

2- ISE Postue Requirments

-I would check how you have built out your condition to ensure the criteria is accurate.

3- Can we get mail notification from the ISE if the any client PC fail on posture check?

-You can setup reports on either Posture assessments by (endpoint/condition). One thing that I have done in the past is setup reports to export to a linux repo, setup a cronjob to email the report to desired personnel.

4- ISE Posture Check Skip the conditions - The customer wants to check 5 different conditions in a policy and if one of them fails, ISE does not check the rest of them. Is this behavior changeable?

-AKAIK ISE will run through all conditions that you have setup to perform posture assessment on based on the conditions setup.