10-15-2018 07:18 AM
Hi Experts,
Is remediation possible if I am implementing auth VLAN for switches that do not support URL redirection?
Since, when auth VLAN is configured ISE acts as the DNS/DHCP server.
I have configured anti-virus definition to automatic remediation.
So, now my anti-virus definition is not up to date and I am able to ping the AV servers.
Will the auto-remediation happen in this case?
Will AnyConnect be able to reach out to those AV servers and download the right definition?
10-15-2018 07:42 AM
Is remediation possible if I am implementing auth VLAN for switches that do not support URL redirection?
(howon: Yes)
Since, when auth VLAN is configured ISE acts as the DNS/DHCP server.
(howon: ISE 2.1+)
I have configured anti-virus definition to automatic remediation.
So, now my anti-virus definition is not up to date and I am able to ping the AV servers.
Will the auto-remediation happen in this case?
(howon: This will be done per posture policy. If you can reach the servers and auto-remediation is enabled, then the endpoint can auto-remediate to update AV DAT files and any other actions needed for remediation)
Will AnyConnect be able to reach out to those AV servers and download the right definition?
(howon: Yes, as long as they can resolve the AV server IP and access is allowed, then they can reach the servers. See the following picture for allowing DNS for AV servers)
10-15-2018 07:59 AM
I have a similar configuration except that the allowed domains field is empty.
I will add those up and post an update, thanks!