The AnyConnect Posture Module provides the AnyConnect Secure Mobility Client the ability to identify the operating system, anti-virus, anti-spyware, and firewall software installed on the host. The Host Scan application gathers this information.
Using the secure desktop manager tool in the Adaptive Security Device Manager (ASDM), you can create a prelogin policy which evaluates the operating system, anti-virus, anti-spyware, and firewall software Host Scan identifies. Based on the result of the prelogin policy's evaluation, you can control which hosts are allowed to create a remote access connection to the security appliance.
The Host Scan support chart contains the product name and version information for the anti-virus, anti-spyware, and firewall applications you use in your prelogin policies. We deliver Host Scan and the Host Scan support chart, as well as other components, in the Host Scan package.
Starting with AnyConnect Secure Mobility Client, release 3.0, Host Scan is available separately from CSD. This means you can deploy Host Scan functionality without having to install CSD and you will be able to update your Host Scan support charts by upgrading the latest Host Scan package.
Posture assessment and the AnyConnect telemetry module require Host Scan to be installed on the host.
Host Scan Packaging
You can load the Host Scan package on to the ASA in one of these ways:
You can upload it as a standalone package: hostscan-version.pkg
You can upload it by uploading an AnyConnect Secure Mobility package: anyconnect-NGC-win-version-k9.pkg
You can upload it by uploading a Cisco Secure Desktop package: csd_version-k9.pkg
Installing or Upgrading Host Scan
Enter webvpn configuration mode.
Specify the path to the package you want to designate as the Host Scan image. You can specify a standalone Host Scan package or an AnyConnect Secure Mobility Client package as the Host Scan package.
hi,i would need to change one of the ASA logical nameif in order to standardize it.i know i've done this before but was a very long time and couldn't remember whether changing the nameif will 'auto' update any related config: ACL group, routes, HTTP/SSH, ...
We have found TSLv1 weak encryption algorithm in FTD in audit and they suggest mitigate it with latest TSLv. But in present we can see only TSLv1.2 is available with in FMC, both FMC and FTD version 188.8.131.52.Is it close once we upgrade it with TSLv1.2 and ...
Dear experts I need your assistance, I have the following question:Configure local authentication, authorization, and accounting (AAA) user authentication. I used:username XXXXXXXX secret XXXXXXXXaaa new-modelaaa authentication login default loc...
Hello techs. I have the following scenario:VPN Client >> ASA >>IPSEC TUNNEL >> Host. VPN client is unable to reach host from remote location via ipsec tunnel (10.10.10.1)Local users connected to ASA are able to reach remote host via IPSE...