We have an L3 OOB routed gateway configuration (with redundant CAS and CAM). We are currently running 4.7.1 on the appliances and the agent is 4.7.10.
We have experienced two problems:
1. On several occasions we can abort a valid logon, but can still be allowed access to the network 'silently':
a - without any indication on the CAM, i.e. no online users, no certified devices
b - the switch is still in the 'unauthenticated vlan'
c - the ip address of the client is on the 'untrusted' subnet
d - the 'unauthenticated' policy DOES NOT ALLOW web traffic.
It would seem that the user is able to trick the system by aborting the logon with the agent, i.e. closing the window etc. (the login credentials are correct and posture fails on an optional check and so amber), but the system DOES NOT show the user at all.
The Temporary role does allow full access; if I disable the policy rule the traffic is stopped.
The problem is there is no indication of this user on the system at all. This happens a couple of times a week.
2. When a user is genuinely placed into a TEMPORARY role (as indicated by the system, note: not the same as above), about 50% of the time communication is blocked even though the policy allows it (repeated challenges by NAC).
Close the agent and do it the second time and it will work.
I think the symptoms are related as they both seem to be related to the usage of the TEMPORARY ROLE - has anyone else seen this bug?