Hi Experts, I am integrating the Juniper 2200EX running JunOS 15.1r with ISE ver 2.6 While the authentication via dot1x goes well and the endpoint gets the IP address. The final access is just permit access in authz profile. When I try to take a remote desktop from this dot1x enabled port another endpoint, the loses its IP address. The moment I close the remote connection, the endpoint regains the IP address. But, remote desktop is able to take remote of the endpoints which are on non dot1x ports on the same switch. There are no ACLs assigned on the interface and access VLAN is applied on the interface. I have followed the default configuration from communities from here (https://community.cisco.com/t5/security-documents/ise-third-party-nad-profiles-and-configs/ta-p/3648719) I am not sure what I am missing, any insights would be really appreciated. ... View more

Hello Experts, I would like to extract reports based on the TLS version being used by the endpoints, as seen here: But, was not able to locate such a filter on ISE Reporting, any pointers to the same? Or is this something that cannot be extracted from ISE? ... View more

Hello Experts, I am bit stuck in creating a if then condition using the compound condition operators. I am trying to create something like this, if cond1 successful, then check cond2 else skip the posture check. The reason to get to this apporach is to run these posture checks only on endpoints fulfilling cond1. I have formulated it in this way, !cond1 &cond2, also, !(cond1&cond2). But this approach is failing for me. Could anyone point me to the right logic that I need while formulating this use case? ... View more

Hi Experts, In ISE 2.4, I see this posture condition,  Hardware_Attributes_Check. But inside there are no other parameters to tune with? How and when to use this posture condition? Or what are the applicable use case when it comes to using this condition? Thank you, ... View more

Hi Experts, I am using ISE 2.2.0.470 with patch 16 I have created a few profiling policies to segregate laptops, and then called them in logical profile as corporate laptops. Using this logical profile I want to run a few posture policies only for laptops. But, now I am stuck, as I am not able to call this logical profile inside my posture policy. I can see that there is something called as NAC_Profiler, is that similar to endpoint groups or logical profiles? If calling logical profiles is not possible then, is it possible to move the endpoint groups that are created by profiling policies to under some other parent groups, such as Registered endpoints, as I can see that is populating in posture policy here: Is this something which is limited by the design or there is any workaround that I should be looking at? ... View more