Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
as far as i know, if an endpoint connect to the wireless network, i can then restrict the access using device policy and choosing normal, block or allowwhat the customer wants is exactly that function but backwards, i mean, if we can set device polic...
i'm currently implementing ISE posture on one of my clients, but i'm facing an issue when the endpoint get a non-compliant status, it automatically goes to a unknown state and start re-scaning
The expected behavior is that if and endpoint goes to a n...
Hi everyone, i am looking for a way to posture windows and MAC clients without remediation, i mean, if a posture policy doesn't comply, the client is declared automatically not compliant and the corresponding authorization policy match (in my case, o...
i currently have an enviroment where i have a DC, with CA role, and a cisco ISE with EAP authentication and portals working just fine, but when i do posture with cisco secure client ISE posture, i get an issue with the certificate that says "Certific...
we have three pairs of FTD 4100 series managed by an FMC 1600, yesterday we got an error on one of the FTD that says:
Policy "policy name" has been altered since "timestamp". Retry deployment
we didn't deployed anything on this particular device.
D...
after a series of tests, i figured out the additional certificate requirements for Posture
For certificate trust:
Proper CN and SANProper certificate chain on the endpoint
For use with ISE in general
include the following EKU's:
Server authentication...
Information Update: this only happens with Anyconnect / Secure Client Downloader with ISE posture when the Scan begins, the same certificate is trusted in any other scenario
Hi, i'm using the same certificate that i use for EAP auth, in fact, the client provisioning portal certificate is trusted in my browser, the warning only happens with the client, that's why i'm thinking that it can be a misconfiguration
the only thi...
i've just found the answer in the link you sent, under the "common failure messages" section
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw-virtual/215258-troubleshooting-firepower-threat-defense.html#anc20
This error is shown If ...
it looks like a time zone mismatch between some internal DB because the behavior also happens with another zones like America/Caracas, but not with all of them, apparently this behavior happens in countries with winter/summer time zone changes, is th...
