Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello,As part of our endpoints getting full access, they first go into a limited network VLANs. Only once posture is passed do we move them into a vlan with full network access. Computers have been doing this no problem for some time. Yesterday we...
Hello all,We've recently started rolling out AnyConnect with posture to our Linux workstations. IT was my understanding that posture ONLY runs when a user is interactively logging into the workstation (i.e. physically sitting at the keyboard). What...
Hello,I have a posture condition that i'm trying to use to detect if a process is running. In this case it's the process salt-minion. Not sure what i'm doing wrong. I've enabled debugging and it hasn't led to much luck so i'm casting a line here t...
As we've started to roll out ISE to more and more endpoints, we have started to see some odd behavior in context visibility. The oddness seems to be related to docking stations where various endpoints throughout the day are using the same docking st...
I'm trying to provide users with a Message Text when they fail posture that isn't a single run one paragraph. We would like to have returns between some of the lines and also make part of it bold (such as the IT Help Desk phone number). How do you ...
We have reasons but i hear you. An example is we want our endpoints to be able to communicate to defined URLs when when in a non postured state. Yes, you could state well just propagate SGT's to your firewall. Tried it and our firewall vendor has ...
Step 1: computer plugs in, it gets authenticated and authorized. Step 2: ISE tells switch put computer on restricted vlanStep 3: User signs in and passes postureStep 4: ISE tells switch, change vlanStep 5: This will require the client to know t...
Morning Greg,I'm not following, is there a way to tell ISE to track endpoints by the AnyConnect DUID? Also is there a way to configure the context visibility database to purge data older then X days?
Hey Greg,So if the cert gets replaced / updated, this would result in a new entry for that device in ISE? Is there no option to use the GUID of the AnyConnect client install.
