Hello, I have a question regarding Cisco FTD and client VPN with AnyConnect.
Is it possible to configure compliance rules for FTD VPN Clients and quarantine a host if it is not compliant?
Thanks in advance.
I have not tried this yet, but I have some thoughts that I would like to share.
I don't see a way to quarantine a host from the FMC itself. You would need to use Cisco ISE to handle this part.
A search on the web gave me this, to help you with the ISE quarantine part.
Thanks for the reply.
I'm aware of the possibility to use ISE to change an endpoint to a quarantine zone and use this inside an FTD access rule.
I was just wondering if there is anything close to a VPN compliance rule inside FMC/FTD without ISE.
Not to my knowledge.
You will need to disable access for the user, and not the IP address, or else your RA VPN scope would run dry at some point.