02-04-2021 05:18 PM
Hi Guys,
We have had Cisco FTD/FMC AnyConnect VPN up and running for 150 full-time staff for over a year. The staff have company laptops; these laptops are fully joined to the company's AD domain, fully Windows patched, and also have anti-virus installed monthly if not weekly.
We just hired 20 contractors. The contractors don't have company laptops; they have their own laptops and need access to our AnyConnect VPN. We'd like to give them access to our VPN, but we need to make sure their laptops meet our security requirements (Windows patches, anti-virus, anti-malware software installed, etc.), otherwise they will get denied access. Are there ways that Cisco AnyConnect VPN can check the end hosts for security requirements before authentication happens?
Thanks.
02-04-2021 11:48 PM
Not natively in FMC; currently the only option is using Cisco ISE as well for authorization and posturing.
The users would connect to the VPN in a posture unknown state with limited access, posture checks would be run to determine compliance (patches, AV, AM, registry values, etc.), and if compliant they would be granted full/additional access to the network.
Reference:-
02-05-2021 04:55 PM
@Rob Ingram Thanks sir!