Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
465
Views
0
Helpful
4
Replies

Posture Unknown flow for endpoints without Posture agent Installed

rezaalikhani
VIP
VIP

‎10-09-2024 11:29 PM

Hi all;

Consider the following Authorization Policy:

rezaalikhani_0-1728541129931.png

In this case, although I have configured the "Default Posture Status" setting as "Compliant", but as soon as an endpoint without posture agent installed connects to the network, it matches with the "Posture Unknown" condition and therefore, the limited dACLs applies to it.

Any ideas?

Thanks

 

 

Labels:
0 Helpful
4 Replies 4

rezaalikhani
VIP
VIP

‎10-15-2024 03:36 AM

The desired VLAN includes both Windows 10 and Windows 7 machines and therefore, when a Windows 7 computer connects to the network, it always matches with the configured "Unknown" policy which has very limited network connectivity and unfortunately stucks in this stage (because of Windows 7 supportability for ISE Posture Module, the client cannot include this module installed. Right?). I want to bypass this policy for Windows 7 PCs without using Profiling Policy inclusion of just Windows 10 PCs.

The following is the fact from the client (with Windows 7) that ISE has gathered?

rezaalikhani_0-1728982343302.png

 

 

 

Any ideas?

Thanks

0 Helpful

Aref Alsouqi
VIP
VIP

‎10-15-2024 03:46 AM

How about selecting only Win 10 operating system in the posture assessment policy and conditions?

0 Helpful

rezaalikhani
VIP
VIP
In response to Aref Alsouqi

‎10-15-2024 04:34 AM

Thanks for your reply;

This is my first possible solution but without success. 

0 Helpful

Aref Alsouqi
VIP
VIP

‎10-16-2024 02:51 AM

If you could please share the screenshot of your posture assessment configuration for review.

0 Helpful
Customers Also Viewed These Support Documents