12-17-2023 03:17 AM - edited 12-17-2023 03:25 AM
Hello,
Does anyone know if I need both an ISE Premier License + Secure Client premier license for doing Posture.
Or is the Secure Client premier license only required for when doining posture without ISE?
I found this regarding license requirements here, which made me a bit confused. If I read this right, it seems like any Secure Client license will work https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/usecase/endpoint-compliance-using-secure-client-ise-posture-module-and-mc.html
ISE Premier license.
One of the following Secure Client licenses:
Secure Client Premier, Secure Client Advantage, or Secure Client VPN Only.
Management center Essentials (formerly Base) license must allow export-controlled functionality.
Thanks
/Chess
12-17-2023 03:53 AM
as per i know you need ISE premier top license that covers for ISE Posture you can find below license models :
Or is the Secure Client premier license only required for when doining posture without ISE?
you need some kind of mechanism for the Posture to kicking when the device come online - that is possible with ISE 802.1x with posture.
12-17-2023 04:19 AM
@Chess Norris well the Cisco Secure Client licensing guide confirms - "The second offer is Secure Client Premier, which includes more advanced services such as endpoint Posture (for Secure Firewall) , or ISE Posture through the Cisco Identity Services Engine).
I'd probably confirm with your Cisco partner.
12-17-2023 09:48 AM - edited 12-17-2023 09:49 AM
Thanks for the suggestions. This is just for a lab setup, but I am currious if the posture function will work if I just have Secure Client Plus and not premier licenses? Maybe it will work but it will be "out of compliance"? On the ISE server I already have the premier license.
Thanks
/Chess
12-17-2023 09:55 AM
@Chess Norris You should be fine running an evaluation license to test the ISE posture features. If doing ISE posture for VPN on an FTD you just need to run the FMC as eval and assign the correct AnyConnect/Secure Client license to the FTD in order to use that functionality.
12-19-2023 01:07 AM
I was able to get som AnyConnect Apex (premiere) lab licenses from the Global Security Sales Organization (GSSO). They are valid for 90 days, so should give me enough time to test Posture.
/Chess
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide