Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2056
Views
0
Helpful
4
Replies

Posturing in Cisco ISE 2.7 Version

Go to solution
Jithishkkuttappan
Level 1
Level 1

‎06-24-2020 12:25 AM

Hi All,

 

I am in the starting phase for implementing a NAC Solution .I have few queries related where I need some clarification.

 

A)In ISE 2.7,Do we require AnyConnect Apex License to achieve the Posturing of an Endpoint? Or is there any alternatives?

 

B)Due to the Pandemic, User are working from Home ,so in this scenario how can we achieve posturing of endpoints connecting to internal Network.

 

C)What are the available source to get a road map to achieve this requirement.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎06-24-2020 05:53 AM

A)In ISE 2.7,Do we require AnyConnect Apex License to achieve the Posturing of an Endpoint? Or is there any alternatives?
-Yes you will need AnyConnect Apex License. Upon utilizing posture assessment you will also need 1 ISE base license + 1 ISE apex license per user that is subject to posture assessment. See here for more detail: https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/workflow/html/b_license_2_7.html

B)Due to the Pandemic, User are working from Home ,so in this scenario how can we achieve posturing of endpoints connecting to internal Network.
You will need to integrate ISE with your VPN solution for user onboarding and ensure that you identify what devices and conditions you wish to target to steer users to posture assessment. Take a peek at labminutes.com/video/sec as they typically have really good tutorials for free.

C)What are the available source to get a road map to achieve this requirement.
-This is a great place to start: https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273

Good luck & HTH!

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎06-24-2020 05:53 AM

A)In ISE 2.7,Do we require AnyConnect Apex License to achieve the Posturing of an Endpoint? Or is there any alternatives?
-Yes you will need AnyConnect Apex License. Upon utilizing posture assessment you will also need 1 ISE base license + 1 ISE apex license per user that is subject to posture assessment. See here for more detail: https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/workflow/html/b_license_2_7.html

B)Due to the Pandemic, User are working from Home ,so in this scenario how can we achieve posturing of endpoints connecting to internal Network.
You will need to integrate ISE with your VPN solution for user onboarding and ensure that you identify what devices and conditions you wish to target to steer users to posture assessment. Take a peek at labminutes.com/video/sec as they typically have really good tutorials for free.

C)What are the available source to get a road map to achieve this requirement.
-This is a great place to start: https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273

Good luck & HTH!
0 Helpful

Go to solution
Jithishkkuttappan
Level 1
Level 1
In response to Mike.Cifelli

‎06-24-2020 06:36 AM

Thanks alot Mike!!.
0 Helpful

Go to solution
Jithishkkuttappan
Level 1
Level 1
In response to Mike.Cifelli

‎06-24-2020 06:59 AM

Hi Mike,

 

Extending my query to understand better.

 

In Posturing types, there is method called  "Temporal Agent" to perform the posturing.Does posturing method requires Any Connect Apex licence as well.?

0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni
In response to Jithishkkuttappan

‎06-24-2020 07:30 AM

The temporal agent only requires an ISE Apex license since it does not require AnyConnect. Use it for only the most basic of posture checks. I would take a peek at the guide I shared to ensure it can do the checks you wish to perform. HTH!
0 Helpful
Customers Also Viewed These Support Documents