Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Customer has shared Win 10 machines, with mutiple users. When user A logs off, and user B logs in, it takes close to ~4 minutes for it to get a new IP address and the corresponding SGT. Native supplicant is used and machine connects directly to the s...
We are working on a deployment, where Customer has a shared WLC (shared among multiple sites), with a common SSID. One of the locations/sites require the ISE deployment to be in Low Impact/Monitor mode. The rest of the locations are still using a dif...
I have a couple of questions on ISE and JAMF integration as MDM.
What does ISE check with Jamf for compliant status? Does ISE query Jamf everytime when an authentication or re-auth happens or does ISE keep a local cache of compliant endpoints for a ...
Hi Team,One of my customers with an existing SDA deployment, has asked us to help them move from the "Default permit" to "Defauly Deny" in the Trustsec policies. Since this a brownfield deployment, we are little skeptical in doing this without gettin...
Customer has Forescout secureconnector installed on machines for Endpoint Compliance. They are evaluating ISE Posture currently, have a query whether the ISE posture agent can check the compliance status of the secureconnector agent, and then report ...
Please ignore, I think I know what you meant. When it's open, ISE is not involved unlike monitor mode. The customer wants to deploy 802.1x for wireless users without any production impact, and want to log the failures (hence the monitor) just like wi...
Hi Jason, Can open Auth be done for the same SSID, on a shared WLC, for a specific location (i.e. set of APs) or this is more of a question for the wireless experts?
Just bumping this one up as we have a few more requests like these and still haven't found any guidelines. We are anyway setting this up in lab, but anyone who has done this firsthand, please feel free to provide your inputs.
Thanks Tim.
In this case, we only have Macbooks. I am assuming ISE will only query for the MAC address of the laptop. Does it keep a local cache of the compliant endpoints or does it query the JAMF every time a re-auth happens (for any network tran...
Thanks Tim, GregoryI am aware of the Service check for the agent. But the customer requirement specifically is to check the compliance status of the agent. Anyway, I was thinking if there is a ForeScout registry entry that gets set to a specific valu...
