Posture compliant state not changing after restricted app turn on

asu ayyoub
Level 1

I am using AnyConnect posture on RM VPN. I have a restricted application list in the posture condition, and it works when the application is on during posture checking, for example BitTorrent. The issue is that once the posture becomes compliant (during this time the app is not running), if I turn on the restricted applications (after posture is compliant), the posture does not turn back to non-compliant status. Is this normal? Will posture not check live status? Can anyone help?

Accepted Solutions

Rodrigo Diaz
Cisco Employee

Hello @asu ayyoub, the ISE posture module will not redo the assessment unless one of the following scenarios occurs:

  • Initial ISE posture module installation.
  • User login.
  • Power events.
  • Interface status change.
  • OS resume after sleep.
  • Default Gateway (DG) change.

What you can also do in this scenario, at least from the ISE side, is to configure Posture Reassessment (PRA), in which you set up periodic reassessments within your implementation to review.

For your reference: 

https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_compliance.html#reference_0CB881C7DFAE41228EAE8F23F3360B17

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215419-ise-session-management-and-posture.html#anc16

Let me know if that helped you.
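The gap described in this thread, as an added example that is not part of the original posts and is not Cisco code: a simplified timeline model that measures how long a restricted application can run before the next posture check, with and without periodic reassessment. The trigger names, function names and the sample timeline are constructed for illustration, and the model assumes the periodic timer restarts after every assessment.

```python
# Simplified model (not Cisco code): when is posture next assessed after a
# restricted application starts? Times are minutes since session start.

# Triggers listed in the answer above; the short names are this example's own.
TRIGGERS = {"module_install", "user_login", "power_event",
            "interface_change", "os_resume", "gateway_change"}

def assessment_times(events, pra_interval=None, horizon=0):
    """Return the times at which posture is assessed.

    events: list of (minute, name); only names in TRIGGERS cause a check.
    pra_interval: minutes between periodic reassessments, None if PRA is off.
    Assumption: the periodic timer restarts after every assessment.
    """
    times, last = [], None
    for minute, name in sorted(events):
        if name not in TRIGGERS:
            continue  # e.g. an application launch is not a trigger
        if pra_interval and last is not None:
            t = last + pra_interval
            while t < minute:  # periodic checks that fire before this trigger
                times.append(t)
                last, t = t, t + pra_interval
        times.append(minute)
        last = minute
    if pra_interval and last is not None:
        t = last + pra_interval
        while t <= horizon:  # periodic checks after the last trigger
            times.append(t)
            t += pra_interval
    return times

def exposure(events, app_start, horizon, pra_interval=None):
    """Minutes the app runs before the next check (or until horizon if none)."""
    checks = assessment_times(events, pra_interval, horizon)
    nxt = next((t for t in checks if t >= app_start), None)
    return (horizon if nxt is None else nxt) - app_start

# Constructed timeline: login, restricted app launched, later a NIC change.
TIMELINE = [(0, "user_login"), (10, "app_start"), (200, "interface_change")]

if __name__ == "__main__":
    print("no PRA      :", exposure(TIMELINE, 10, 480), "min undetected")
    print("PRA every 60:", exposure(TIMELINE, 10, 480, 60), "min undetected")
```

In this model the reassessment interval is the upper bound on how long the session stays marked compliant after the application starts.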

 

asu ayyoub
Level 1

Thanks team, it is clear.