Cisco Meraki’s Enterprise Mobility Management (EMM) software secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises. A typical Cisco Meraki EMM configuration consists of a cloud-based policy server and a mobile device client. However, the network is often the only entity that can provide granular access to endpoints (based on ACLs, TrustSec SGTs, etc.). It is envisaged that Cisco Identity Services Engine (ISE) would be an additional network-based enforcement point, while the cloud-based Cisco Meraki EMM policy server would serve as the policy decision point. ISE expects specific data from Cisco Meraki cloud EMM servers to provide a complete solution.
The following are the high-level use cases in this solution:
Device registration - Non-registered endpoints accessing the network on-premises will be redirected to the registration page on the Cisco Meraki EMM cloud for registration based on user role, device type, etc. In addition, Meraki can provision the device with corporate applications, e.g. AnyConnect (VPN), Jabber (Collaboration), etc., so the user has secure access to corporate resources (per policy) when the device is off-premises.
Remediation - Non-compliant endpoints will be given restricted access based on compliance state.
Periodic compliance check - ISE periodically checks with the Cisco Meraki EMM cloud server for compliance.
Ability for ISE administrators to issue remote actions on the device through the Cisco Meraki EMM cloud (e.g. remote wiping of the managed device).
Ability for end users to leverage the ISE My Devices Portal to manage personal devices, e.g. Full Wipe, Corporate Wipe and PIN Lock.