Posture Lease granularity issue (days vs hours)

joplant · ‎01-30-2020

My customer has a concern with Posture lease and wanted to understand if it was something we would be addressing (or that could be worked around somehow). Hoping to get guidance or feedback on this one from the ISE team.

They are using Posture Lease successfully today with a setting of 1 day (assuming this is 24 hours).

The scenario of concern is that a user may login to the network at 10AM, posture success, posture lease time set for 24 hours. Then they come into the office at 8AM the next day, access the network via posture lease, which now has only 2 hours left.

However, if they are mid work stream sometime later in the day and wifi bounces or something, they would have to complete posture once again before being granted network access. Depending on their work stream (executive presentation for example), this could be fairly disruptive to the user.

Having the capability to set the the posture lease in hours could solve this issue as the lease could be set to expire after a typical work day (10-12 hours or something).

Another option would be having the ability to purge posture leases each night (however this could be challenging in a global deployment).

Are there plans to allow a shorter posture lease timeframe or the ability to clear posture leases periodically?

Jason Kunst · ‎01-31-2020

For workarounds, I will let others out there with more experience chime in on this and even forward it to our SME on the matter.

To contact our product team for future enhancement requests, externally for cisco customers/partners at http://cs.co/ise-feedback for cisco employees internally at http://cs.co/ise-pm