ISE Rules

sqambera
Level 1

Hello,

Could anyone please look at the attached requirement diagram? The Cisco ISE needs to be configured accordingly. Do I have to create Authorization rules for achieving these results? I am wondering where under Authorization conditions in ISE I could find things like (I am trying to figure out) "windows service pack equal 1", "operating system equals windows 7", etc.

Or is it somewhere else that I need to look for configuring these requirements? Does this need to be done under Posture rules?

Thanks in advance for all your help.

Regards,

Qamber

5 Replies

Hi,

Not exactly. Not all the requirements you ask and the flow you want to get will be done only with Authorization rules.

You'll need to use authentication and authorization rules, plus provisioning and posture rules and checks.

Your flow is something similar to what I designed in my company, the only thing you don't have in yours is the BYOD side.

Cheers,

Thanks Aaron. I was looking at the posture conditions in ISE but wasn't able to find any that says if service pack is equal to something. Do you have any idea about it? It's one of the requirements as per the attached diagram.

You have to create a posture result condition that would be something like:

If OS equals "any" met if "posture condition" else "remediation action".

Most OS should be already there.

Posture conditions come preloaded, so you only have to select i.e. pc_W7_SP1_int.

Same for remediation, many come created, or you can create new ones as well.

Once you have the posture requirements rules, then you can create the policy so if an identity group matches the OS then the requirement will be the one you created as a rule.

Thanks Aaron for helping out.

Hi Community,

Could you help me configure posture to check for operating system version? I want to allow access only for Windows 7 and Windows 10. Other Windows versions should be rejected.