Hello Community,
I have searched very hard to find info on that matter, but with almost no result, so I've decided to post a thread here. Our environment is based ISE 2.2 ASA 9.4 and AnyConnect 4.4
As you know there are two separate version "trains" for the ISE compliance module for AnyConnect:
- v 3.x where the latest version is v 3.6.xxxx
- v 4.x where the latest version is v 4.2.xxxx
Obviously they have some substantial functional differences that are reflected in the ISE posture condition policies, e.g.:
- Anti-Malware is only for v4.x
- Anti-Spyware is only for v3.x
- Anti-Virus in only for v3.x
- Application conditions are for both v3.x and v4.x
- Patch management conditions have to separately configured for v3.x and v4.x
- .. and so on..
So my questions are:
- What is the general rule of thumb for choosing to use v3 or v4 AC Compliance module? Obviously both would do the job one way or the other, and both support the current AnyConnect versions. So what is the catch?
- Since AV and Anti-Spyware checks seem "depreciated" in compliance module v4 is it true to assume that they have been consolidated into Anti-Malware checks that covers all?
.png "rwehe"){kind=avatar}
