11-23-2017 01:27 AM
Hi Team,
We are in a middle of deployment of ISE wherein the customer wants to enforce network access based on the selective pass/failure of posture check conditions like as mentioned here:
We have created 3 different authorization policies but facing issue in partial access policy (for above point No.1 & 2 as mentioned above).
Kindly help.
Solved! Go to Solution.
11-23-2017 02:54 AM
This logic is currently not possible in ISE Posture. Regardless of policy, the result is either Compliance or Non-Compliance, not Partial Compliance, or Compliance less Check X or Y. It is the result of binary Posture Status which determine the access policy. Please communicate to Cisco sales team the enhancement request.
Craig
11-23-2017 02:54 AM
This logic is currently not possible in ISE Posture. Regardless of policy, the result is either Compliance or Non-Compliance, not Partial Compliance, or Compliance less Check X or Y. It is the result of binary Posture Status which determine the access policy. Please communicate to Cisco sales team the enhancement request.
Craig
11-23-2017 09:36 PM
Hi Craig,
Thanks for the reply.
Just to check in case we make use of OR operator for multiple posture checks in single rule does it still hold true that all the conditions has to be checked for compliant or non-compliant?
Thanks & Regards,
Yogesh Madhekar
11-24-2017 02:59 PM
Yes, there are OR options, but ultimately the result is either compliant or non-compliant, no in-betweens.
09-12-2024 10:54 AM
This post is nearly 7 years old but I'm in the same scenario, is it still the case that there's no mechanism to do conditional authorizations based on which posture check failed?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide