Solved: Re: Posture to check DNS and proxy settings

ozgguler · ‎01-09-2018

Can we check client's DNS and proxy settings with NAC agent or Anyconnect, and decide to allow the client if these settings are configured as compliant to corporate policy? If not, redirect to a page which says uncompliant DNS and proxy settings are being used.

Jason Kunst · ‎01-10-2018

You might be able to do this with a registry check, you would have to validate this in a lab setup

Upon failure you could then throw up a remediation message with AnyConnect telling them they are blocked because of this

You can redirect them on non compliance to an manual noted html page in ISE 2.2 and higher stating they are non compliant however there is no way in authorization rules to say if you fail posture rule x then redirect to html page x for message x

View solution in original post

Jason Kunst · ‎01-10-2018

You might be able to do this with a registry check, you would have to validate this in a lab setup

Upon failure you could then throw up a remediation message with AnyConnect telling them they are blocked because of this

You can redirect them on non compliance to an manual noted html page in ISE 2.2 and higher stating they are non compliant however there is no way in authorization rules to say if you fail posture rule x then redirect to html page x for message x