08-30-2017 11:22 AM
Hello, I have a question regarding Cisco FTD and client VPN with AnyConnect.
Is it possible to configure compliance rules for FTD VPN Clients and quarantine a host if it is not compliant?
Thanks in advance.
Regards.
08-31-2017 04:20 AM
Hi eduardo0407
I have not tried this yet, but I have some thoughts that I would like to share.
I don't see a way to quarantine a host from the FMC it self. You would need to use Cisco ISE to handle this part.
A search on the web gave me this, to help you with the ISE quarantine part.
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/119370-configure-ise-00.pdf
08-31-2017 05:03 AM
Thanks for the reply.
I'm aware of the possibility to use ISE to change an endpoint to a quarantine zone and use this inside an FTD access rule.
I was just wondering if there is anything close to a VPN compliance rule inside FMC/FTD without ISE.
08-31-2017 05:17 AM
Not to my knowledge.
You will need to disable the access for the user, and not the IP address, or else your RA VPN scope would run dry at some point.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
