Solved: Re: Performance - Posture Authentication

chongchu · ‎06-06-2019

Hi All,

Based on our ISE Performance & Scale guide in the community

https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId-738162139

Can we seek some clarity exactly what is this "Posture Authentications" value? This is quite awfully low compared with RADIUS performance.

How does this impact the ISE and whether this will be the bottleneck during posture assessments when AnyConnect "calls home" to ISE when reporting the results?

Many thanks in advance.

kthiruve · ‎06-17-2019

Posture checks involves using Anyconnect finding PSNs and underlying OPSWAT module that does posture checks to make sure if you have the AV version, AV checks etc. There other checks such as file, regitry check that is faster as well. There is a dependency on OPSWAT to get back after a scan and Anyconnect creates a summary after that that is sent to ISE for compliance.

RADIUS authentications is straightforward since supplicant talks to Network devices, Network devices knows PSN's who respond back to request and these are standard protocols.

Hence the difference in the rate. If you have any issues related to this please call up TAC.

Thanks

Krishnan

View solution in original post

kthiruve · ‎06-17-2019

Posture checks involves using Anyconnect finding PSNs and underlying OPSWAT module that does posture checks to make sure if you have the AV version, AV checks etc. There other checks such as file, regitry check that is faster as well. There is a dependency on OPSWAT to get back after a scan and Anyconnect creates a summary after that that is sent to ISE for compliance.

RADIUS authentications is straightforward since supplicant talks to Network devices, Network devices knows PSN's who respond back to request and these are standard protocols.

Hence the difference in the rate. If you have any issues related to this please call up TAC.

Thanks

Krishnan