We have a customer who wants to use ISE posture with AnyConnect to report on device compliance on the local network.
We've installed AnyConnect 4.8.02042 Core & ISE Posture, successfully working with ISE to perform posture scans.
The issue is that this customer wants (at least initially) to report on compliance status without enforcing any remediation; where I'm stuck is finding a way to stop AnyConnect popping up an action window when a device fails a posture check.
I notice that in the detail report for "Posture by Endpoints" there is an "Enforcement Type" Field which always appears as "Mandatory"; is there a way to configure a policy without mandatory enforcement? I can't find anything documented for this setting.
Thanks for the reply, you mentioned:
-Try setting up the ISE posture agent profile to support stealth mode. When this is enabled it runs as a service with no user interface.
>> When I set stealth mode in the profile the posture policies aren't checked; I get a "compliant" status from AnyConnect, but if I check the details the "posture policy" section says "no data".
I've now set the requirements on the posture policy to audit mode, which suppresses the more alarming pop ups; unfortunately it also makes it harder to see non-compliance in the posture reports, but I've managed to create a filtered report which almost fixes this.
This requirement is purely for posture visibility, there's no AuthZ policy tied to posture, so nothing to change on that side.
Customer is going ahead with deployment, but I'd like to understand why stealth mode seems broken.
Just to add; I can suppress the remediation pop up by using audit mode, but not the system scan pop ups.
If I try & use stealth mode none of my posture policies seem to run ("no data" in posture report detail window).