What do people do regarding third-party VPN access to their network? If we have people connecting with no agents etc., how can we enforce policies etc.?
Are there certain things people check for etc. for third-party compliance?
We have third-party support companies access our systems for support etc.; we lock these down via our ASA to specific servers etc., but how do we know they are running AV and a patched PC?
What if the third party will not let us put a client on their PC?
How would we go about this? What does everyone else do?
Thank you - that helps clarify... I thought you were asking about other networking vendors' VPN/Firewalls with ISE!
I'd say these are your options:
1) lock down their VPN access with ACLs to only the specific services (hosts & ports) as you are doing
2) give them one of your corporate laptops with your approved/required software, anti-malware, etc.
3) virtual desktops
If you don't have control over the remote PCs, you first restrict their access at the IP level (ACL or VPN filter), and after decryption you take the traffic as untrusted; so you integrate it within your company's threat detection architecture; you have an inline NGFW/IPS to detect layer 4-7 attacks; you have your SOC monitoring the events and taking actions.
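One way to express option 1 and the "ACL or VPN filter" step above on an ASA: a dedicated group-policy per vendor whose vpn-filter permits only the agreed servers and ports and logs everything else for the SOC. This is an added example, not configuration from the thread; the object names, addresses, pool and ports are constructed placeholders.

```cisco
! --- Servers and ports this vendor is contracted to reach (placeholder values) ---
object-group network VENDOR-A-SERVERS
 network-object host 10.20.30.40
 network-object host 10.20.30.41
object-group service VENDOR-A-PORTS tcp
 port-object eq 22
 port-object eq 3389
!
! --- Address pool handed only to this vendor's tunnel-group, so the filter can key on it ---
ip local pool VENDOR-A-POOL 172.16.50.1-172.16.50.20 mask 255.255.255.0
!
! --- vpn-filter ACL: source = vendor's VPN pool, destination = permitted servers/ports.
!     The ASA applies a vpn-filter in both directions, so inside hosts cannot
!     initiate connections to the vendor PC either. Everything not listed is
!     denied explicitly with "log" so the SOC sees attempts outside the scope. ---
access-list VENDOR-A-FILTER extended permit tcp 172.16.50.0 255.255.255.0 object-group VENDOR-A-SERVERS object-group VENDOR-A-PORTS
access-list VENDOR-A-FILTER extended deny ip any any log
!
group-policy VENDOR-A-GP internal
group-policy VENDOR-A-GP attributes
 vpn-filter value VENDOR-A-FILTER
 address-pools value VENDOR-A-POOL
 split-tunnel-policy tunnelall
 vpn-idle-timeout 30
 vpn-simultaneous-logins 2
!
tunnel-group VENDOR-A-TG type remote-access
tunnel-group VENDOR-A-TG general-attributes
 default-group-policy VENDOR-A-GP
```

The vpn-filter only bounds where the unmanaged PC can go; the decrypted traffic still needs to pass the inline NGFW/IPS and land in the SOC's monitoring as described above.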