Solved: Re: Posture check as a condition in the AuthZ policy

skutzer · ‎08-16-2016

Hi,

not only my Customer and Partner has the following scenario and it is also a very old problem

A, Corporate SOE machines used by employees (e.g. Windows 7) B, Corporate non-SOE machines used by employees (e.g. MacOS, other Windows flavours) What we want to achieve is to give employees with SOE machines full access and employees with non-SOE machines limited access. The way the can differentiate between an SOE machine vs. non SOE machine is by ie. A file check in the registry or similar. While the posture checks we configured all work as expected, what I am kind of missing is the ability to use the result of a posture check as a condition in the AuthZ policy.

https://search-prd.cisco.com/topic/news/cisco/cs/cs-ise/dsc40140.html

But is there a Solution or workaround available?

Thanks,

Sven

Timothy Abbott · ‎08-16-2016

Sven,

Unfortunately, this is still not supported. Hsing provided a workaround in the post you referenced where the we could assign specific group membership or attribute to those machines to differentiate.

Regards,

-Tim

View solution in original post

Timothy Abbott · ‎08-16-2016

Sven,

Unfortunately, this is still not supported. Hsing provided a workaround in the post you referenced where the we could assign specific group membership or attribute to those machines to differentiate.

Regards,

-Tim

skutzer · ‎08-16-2016

Hi,

thanks for your fast reply!

This is good for 802.1x but how should I check via RAS (VPN)

Is there a RADIUS Attribute or anything else?

Regards,

Sven