Solved: Re: Dear Jatin,

clark white · ‎08-16-2016

Dears

I have a company name A , the company has an separate internet connection which has no link to the corporate network means for example 2 PC who's structured cabling is terminated in different room , I have configured features such as Dot1x,MAB,Device authentication for company A corporate network, I wanna do a AV posture, is it possible to do posture for windows clients when ISE doesn't have access to Internet world

thanks

Jatin Katyal · ‎08-16-2016

To upload offline posture updates:

Step 1 Go to https://www.cisco.com/web/secure/pmbu/posture-offline.html.

Save the posture-offline.zip file to your local system. This file is used to update the operating system information, checks, rules, and antivirus and antispyware support charts for Windows and Macintosh operating systems.

Step 2 Access the Cisco ISE administrator user interface and choose Administration > System > Settings > Posture.

Step 3 Click the arrow to view the settings for posture.

Step 4 Choose Updates. The Posture Updates page appears.

Step 5 From the Posture Updates page, choose the Offline option.

Step 6 From the File to Update field, click Browse to locate the single archive file (posture-offline.zip) from the local folder on your system.

Note The File to Update field is a required field. You can select only a single archive file (.zip) that contains the appropriate files. Archive files other than.zip (like.tar, and.gz) are not allowed.

Step 7 Click the Update Now button.

Once updated, the Posture Updates page displays the current Cisco updates version information under Update Information.

Source: http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/release_notes/ise12_rn.html

Rgds,

Jatin

~ Do rate helpful posts.

~Jatin

View solution in original post

Jatin Katyal · ‎08-16-2016

When you deploy Cisco ISE on your network for the first time, it's recommended to download posture updates from the web. This process usually takes approximately 20 minutes. After the initial download, you can also update Cisco ISE offline from a file on your local system, which contains the latest archives of updates.

Posture updates include a set of predefined checks, rules, and support charts for antivirus and antispyware for both Windows and Macintosh operating systems, and operating systems information that are supported by Cisco.

Cisco ISE creates default posture policies, requirements, and remediation only once during an initial posture updates. If you delete them, Cisco ISE does not create them again during subsequent manual or scheduled updates.

So yes, you can surely configure your Client to initiate posture and ISE to assess it when ISE doesn't have access to the internet later.

Rgds,

Jatin

~ Do rate helpful posts.

~Jatin

clark white · ‎08-16-2016

Dear Jatin,

I have already deployed the ISE and it is running live, I want to do a AV posture,

After the initial download, you can also update Cisco ISE offline from a file on your local system, which contains the latest archives of updates

can you guide me how I can achieve the above.

thanks

Jatin Katyal · ‎08-16-2016

To upload offline posture updates:

Step 1 Go to https://www.cisco.com/web/secure/pmbu/posture-offline.html.

Save the posture-offline.zip file to your local system. This file is used to update the operating system information, checks, rules, and antivirus and antispyware support charts for Windows and Macintosh operating systems.

Step 2 Access the Cisco ISE administrator user interface and choose Administration > System > Settings > Posture.

Step 3 Click the arrow to view the settings for posture.

Step 4 Choose Updates. The Posture Updates page appears.

Step 5 From the Posture Updates page, choose the Offline option.

Step 6 From the File to Update field, click Browse to locate the single archive file (posture-offline.zip) from the local folder on your system.

Note The File to Update field is a required field. You can select only a single archive file (.zip) that contains the appropriate files. Archive files other than.zip (like.tar, and.gz) are not allowed.

Step 7 Click the Update Now button.

Once updated, the Posture Updates page displays the current Cisco updates version information under Update Information.

Source: http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/release_notes/ise12_rn.html

Rgds,

Jatin

~ Do rate helpful posts.

~Jatin

clark white · ‎08-17-2016

Dear Jatin,

Thanks for the reply,

For suppose If I want to use an another interface (NIC) of the ucs server to connect to the internet LAN and once it gets updated I will disconnect NIC from the Internet LAN. Have seen the CLI guide of the ISE it has a ip route command to specify the destination, but the situation will be with 2 no's of default route , 1 no's default gateway will be of the setup when we initiate the ISE and the 2nd route will be added by the ip route command, so how the traffic will be routed to the internet and to the Local LAN.

also I have one more query the key 7 below is hidden key but is it can be decrypted.

radius server ISE-SERVERS-SEC

address ipv4 10.X.X.1 auth-port 1645 acct-port 1646

key 7 121608161C0C1E012B3F

thanks

daemibros · ‎03-13-2018

THere is no resource at this link. Has it been changed? moved?

VILLE LEINONEN · ‎10-10-2018

Hi,

This comes quite late, but current link are:

https://s3.amazonaws.com/ise-public/posture-offline.zip

Site https://www.cisco.com/web/secure/spa/posture-offline.html redirect that Amazon site.

/Ville

ISE without Internet