Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
270
Views
0
Helpful
4
Replies

Posture check for device certificate in FTD

carl_townshend
Spotlight
Spotlight

‎09-22-2025 04:03 AM

Hi All

We are using FTD managed by SCC, we do not have ISE

Is it possible to use the hostscan module to check for a machine certificate when connecting to our remote access VPN? Is so where do you do it? 

Cheers

Labels:
0 Helpful
4 Replies 4

Rob Ingram
VIP
VIP

‎09-22-2025 04:19 AM

@carl_townshend edit the Dynamic Access Policy and then the DAP record, define the criteria and select certificate.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/cluster/ftd_dap_usecases.html

Or you could just use double authentication and authenticate using the machine certificate aswell as the existing method.

 

0 Helpful

carl_townshend
Spotlight
Spotlight

‎09-22-2025 04:54 AM

Hi Rob

We seem to have the following options, it says multiple certificate authentication?

carl_townshend_0-1758542086688.png

 

0 Helpful

Rob Ingram
VIP
VIP
In response to carl_townshend

‎09-22-2025 05:01 AM

@carl_townshend ok seems like you have to use multiple certficates then with DAP.

Can you not reconfigure authentication to use certificates in addition to your primary method, that will ensure only devices with a machine certificate can authenticate.

0 Helpful

carl_townshend
Spotlight
Spotlight
In response to Rob Ingram

‎09-22-2025 08:21 AM

Hi, we already use MFA on authentication, I dont really want to change the authentication piece, I just wanted to check that the machine has the certificate installed.

0 Helpful
Customers Also Viewed These Support Documents