
Posture check for device certificate in FTD

carl_townshend

Hi All

We are using FTD managed by SCC, we do not have ISE

Is it possible to use the hostscan module to check for a machine certificate when connecting to our remote access VPN? If so, where do you do it?

Cheers


@carl_townshend edit the Dynamic Access Policy and then the DAP record, define the criteria and select certificate.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/cluster/ftd_dap_usecases.html

Or you could just use double authentication and authenticate using the machine certificate as well as the existing method.

carl_townshend

Hi Rob

We seem to have the following options, it says multiple certificate authentication?

carl_townshend_0-1758542086688.png

 

@carl_townshend ok seems like you have to use multiple certificates then with DAP.

Can you not reconfigure authentication to use certificates in addition to your primary method? That will ensure only devices with a machine certificate can authenticate.

Hi, we already use MFA on authentication. I don't really want to change the authentication piece, I just wanted to check that the machine has the certificate installed.