Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
480
Views
0
Helpful
0
Replies

Purge endpoints which are not part of a Identity Group

jwmolenaar
Level 1
Level 1

‎08-17-2016 07:58 AM - edited ‎03-11-2019 12:00 AM

Hi All,

Since we are running ISE version 2.1 we are seeing a huge increase of the amount of learned endpoints.

After investigation it looks like these are endpoints are/were connected to our hotspot SSID but the user didn't accept the AUP.
As soon as a user accept the AUP the endpoint becomes a member of an endpoint identity group which we purge at certain times.

Because the solution is implemented in more than 150 high density locations we're facing about more 20000 endpoints this month which are not part of a scheduled purge operation.

We tried to create a purge policy including never purge rules for certain endpoint Identity groups and one general purge rule which did not have an endpoint identity group as condition. This policy was purging the 'unkown' endpoints but also the endpoints which are member of an endpoint group to which a never purge policy is be applied.

Does anyone see a solution for this?

Thanks in advance,

Jan-Willem Molenaar

2 people had this problem
Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents