09-04-2017 08:01 AM
Hi Team,
Is there anything on the ISE/AnyConnect posture roadmap to allow for posture before logon?
The customer’s use case is to fully block machines from joining their network if they don’t have AV or up-to-date Windows patches, to stop the spread of viruses. This isn’t possible at present because the AnyConnect GUI only starts after the user logs on, so drive mapping fails.
This is not a BYOD or guest scenario but more about corporate machines where, if they are taken off site to other premises and get infected with malware that disables the AV, they shouldn’t be allowed back onto the corporate network.
Regards,
Anshul
09-05-2017 08:15 AM
We don’t discuss roadmap in the public forum.
What you’re asking for is likely not possible because all of the services (AV, etc.) run in user space. You wouldn’t be able to check if they are running before logon.
However, you can severely limit your pre-health network with SGT, tag, ACL controls to isolate machines before the check runs. With SGT you can even limit lateral movement between machines. Once the check is complete, you give them full access by updating the controls.
09-04-2017 10:42 PM
Hi, Anshul. I believe what you are looking for is Stealth mode (Clientless) AnyConnect with ISE which was introduced with ISE 2.2 & AnyConnect 4.4. You can find more about this feature here: Cisco Identity Services Engine Administrator Guide, Release 2.2 - Configure Client Posture Policies [Cisco Identity Ser…