Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1225
Views
0
Helpful
1
Replies

MAB+Posture

Go to solution
Tze Tai Mak
Level 1
Level 1

‎09-12-2016 04:09 PM

Dear all,

I am doing a POV and the customer is currently using MAB for internal user device (laptop and desktop) access.

They want to add posture to check against AV engine/definition status before allowing access to production network.

We are using latest ISE 2.1 (no patch yet) and AnyConnect ISE Posture agent.

We get CPP working and get the ISE Posture agent software installed. However, I notice that either ISE Posture agent is not talking to ISE or it cannot get “Security products” tab under “System Scan” is empty.

Could I know if it is a limitation for MAB+Posture? And we need to move to 802.1x for posture to work? If we need to minimise the user experience change, should we use Easy Connect?

I read https://cdetsng.cisco.com/webui/#view=CSCtn89841 and not sure if it is already fixed or still an issue.

Thanks, Tommy

1 person had this problem
Preview file
68 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10

‎09-12-2016 05:07 PM

Tommy,

This should have been addressed by CSCtq83954.  However, it is important that you have a user session open which launches posture agent and that client provisioning and/or posture policy can match on the posture policy.

EasyConnect identity is not currently supported in Posture Policy, so that would not help.

Craig

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Craig Hyps
Level 10
Level 10

‎09-12-2016 05:07 PM

Tommy,

This should have been addressed by CSCtq83954.  However, it is important that you have a user session open which launches posture agent and that client provisioning and/or posture policy can match on the posture policy.

EasyConnect identity is not currently supported in Posture Policy, so that would not help.

Craig

0 Helpful
Customers Also Viewed These Support Documents