Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
536
Views
0
Helpful
1
Replies

Posture Implementation through ISE

gurbinder.kabbay
Level 1
Level 1

‎03-18-2020 08:58 AM

Hi

I want to Implement a Posture in my lab, I have ISE server and VMs machines.

for Posture Use case, I have to do Client Provisioning and i have to do the following. kindly guide me if something can be skipped, because I dont have internet connectivity in LAB and it is a remote LAB and internet connectivity is big challenge for me.

1. In Client provisioning I have to download compliance module from cisco site through ISE. can we download it from somewhere else and then I can upload it on ISE from local disk ?

 

2.  I have to upload webdeoploy package : its done and uploaded from local disk on ISE.

3. I have to create NAM profile.  from where I can install this NAM and where i can install it (on end point or from any machine to make customize package, is it Mandatory to make customize package or we can skip it.

4. I have to configure native profile.

5. I have to configure Any connect configuration, in which i will map NAM profile, package file and compliance module file.

6. I have to configure posture module.

 

Big Question: can i implement Posture without internet connectivity in the network.

 

Thanks

Garry

 

 

 

0 Helpful
1 Reply 1

Cristian Matei
VIP Alumni
VIP Alumni

‎03-18-2020 10:09 AM

Hi,

 

   Speaking strictly about posture:

 

1/2. Download anyconnect client and compliance module

3. NAM module of AnyConnect is not required for posture

4. Not sure what you mean by native profile, maybe you mean native supplicant profile or what?

5. No NAM for posture

6. You mean posture policy

 

You can deploy posture and profiling and everything without Internet connectivity for ISE, but you would have for example to manually import posture updates, profiling updates (if you use profiling).

 

Use these guidelines for Posture, Profiling and 802.1x:

 

https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456

https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273

 

Regards,

Cristian Matei.

0 Helpful
Customers Also Viewed These Support Documents