Mobile Device Management (MDM) software secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises. A typical MDM product consists of a policy server, a mobile device client and an optional inline enforcement point that controls the use of some applications on a mobile device (like email) in the deployed environment. However the network is the only entity that can provide granular access to endpoints (based on ACL’s, TrustSec SGT’s etc). It is envisaged that Cisco Identity Services Engine (ISE) would be an additional network based enforcement point while the MDM policy server would serve as the policy decision point. ISE expects specific data from MDM servers to provide a complete solution
The following are the high level use cases in this solution.
Device registration- Non registered endpoints accessing the network on-premises will be redirected to registration page on MDM server for registration based on user role, device type, etc
Remediation- Non compliant endpoints will be given restricted access based on compliance state
Periodic compliance check – Periodically check with MDM server for compliance
Ability for ISE administrators to issue remote actions on the device through the MDM server (e.g.: remote wiping of the managed device)
Ability for end user to leverage the ISE My Devices Portal to manage personal devices, e.g. Full Wipe, Corporate Wipe and PIN Lock.
ISE 1.3Using Postman,I have tried using:GET (ise-admin-url:9060)/ers/config/guestuserAccept: application/vnd.com.cisco.ise.identity.guestuser.2.0+xmlContent-Type: application/vnd.com.cisco.ise.identity.guestuser.2.0+xml This returns:<resources>...
Android 10 is still not supported with the BYOD flow. I've tested up to 2.4 patch 10 with latest posture update. It is able to get to opening the application then the application says it can't find the session, have you logged into the portal. ...
Trying to block icloud.com/mail It's blocked if I go to http://icloud.com/mail, but https://icloud.com/mail is allowed. I tried to block URL https://icloud.com/mail, but no go. Would the firewall have to be configured for SSL decryption to block this port...
So if there is another FW in between 2 Fws and/or routers that have a IPSEC tunnel built between them, can a FW that sits between (transport device that passed the traffic to and from) see the interesting IP traffic (source IPs and destinations of interes...
Hellow,for a few days we are having problems with the remote vpn connections of an increasing number of users.We have not recently made any configuration changes that explain this problem.Checking the log, at the time when these users try to connect, the ...