04-22-2018 03:42 PM
We are keen on considering an agentless ISE scenario in order to avoid adding another ‘agent’ on the end point. This will also be a requirement in dealing with endpoints that are not corporate managed, or nonsupplicant devices (thermostats, cameras, etc).
We know the ISE agent does posture assessment with simple or compound condition check and remediation. No issue with that.
But, in the agentless scenario –
thanks
ram
Solved! Go to Solution.
04-24-2018 01:30 AM
ISE2.4 now provides to scan agentless endpoints when using the Visibility Setup Wizard , although providing read only ability.
That being said no enforcement can be taken without having an actual agent on the endpoint , same goes for forescout.
You could use AnyConnect in stealth mode where the agent is installed but cannot be seen by the user.
There is also the option of using Temporal Agent where an agent will be installed and once compliance check is complete it will remove itself.
04-24-2018 01:30 AM
ISE2.4 now provides to scan agentless endpoints when using the Visibility Setup Wizard , although providing read only ability.
That being said no enforcement can be taken without having an actual agent on the endpoint , same goes for forescout.
You could use AnyConnect in stealth mode where the agent is installed but cannot be seen by the user.
There is also the option of using Temporal Agent where an agent will be installed and once compliance check is complete it will remove itself.
04-24-2018 08:43 PM
I would suggest to use Cisco Temporal Agent, which replaces NAC Web Agent. It's a native application to download to the Windows/macOS endpoints, without installation, and to evaluate for the posture compliance.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide