03-06-2019 12:35 PM
Is there a way to check against a local WSUS server to determine whether an endpoint is up to date? I have a situation where corporate endpoints typically don't have the absolute latest Windows patch, which is intentionally left out of WSUS for a period before being pushed out. Is there a way to check whether the endpoint has the latest update per the corporate WSUS policy, and not the latest published by Microsoft/OPSWAT?
-Thanks
03-13-2019 02:38 PM
Yes, ISE posture policy can use local WSUS policy. However, there are no settings to configure on ISE aside from creating a WSUS condition. The AnyConnect posture module simply interfaces with the WSUS agent to get a status update. If the WSUS agent is configured for local WSUS, then the WSUS agent will verify with the local WSUS server to see if it is compliant and report the status back to the AnyConnect posture module.
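To confirm on an endpoint which server the Windows Update Agent evaluates against, the following added example (not part of the original post, and not the AnyConnect posture module's own logic) reads the agent's policy settings and asks the managed server what is still missing. It assumes the WSUS location is delivered through the standard Windows Update policy registry values and that it is run in an elevated PowerShell session on the endpoint.

```powershell
# Added example: independent check of the Windows Update Agent's WSUS configuration.
# Assumption: WSUS is assigned through the standard policy registry values below.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

# The agent only uses the intranet server when UseWUServer = 1 AND WUServer is set.
$usesWsus = ($null -ne $au) -and ($au.UseWUServer -eq 1) -and
            (-not [string]::IsNullOrWhiteSpace($wu.WUServer))

if (-not $usesWsus) {
    Write-Output 'No managed (WSUS) server is configured by policy on this endpoint.'
    return
}

Write-Output "Managed update server : $($wu.WUServer)"
Write-Output "Status server         : $($wu.WUStatusServer)"

# Ask the agent to evaluate against the managed server only.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$searcher.ServerSelection = 1   # 1 = ssManagedServer (WSUS), 2 = ssWindowsUpdate

try {
    $result = $searcher.Search('IsInstalled=0 and IsHidden=0')
}
catch {
    # A failure here usually means the endpoint cannot reach the WSUS server.
    Write-Output "Search against the managed server failed: $($_.Exception.Message)"
    return
}

if ($result.Updates.Count -eq 0) {
    Write-Output 'No missing updates according to the managed server.'
}
else {
    Write-Output "$($result.Updates.Count) update(s) offered by the managed server are not installed:"
    foreach ($update in $result.Updates) {
        Write-Output "  - $($update.Title)"
    }
}
```

Updates that have not yet been approved on the WSUS server are not offered by a managed-server search, so they do not appear in this list.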
01-23-2020 03:42 AM
Hello,
Can you provide some more details about this type of integration?
Does this mean that we need to allow the WSUS agent on the PC to communicate with the WSUS server (in the authorization profile/result when posture status is unknown or non-compliant)?
Thanks for your help