Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
735
Views
3
Helpful
5
Replies

Secure Client Premier License for posture with ISE

Chess Norris
Level 4
Level 4

‎12-17-2023 03:17 AM - edited ‎12-17-2023 03:25 AM

Hello,

Does anyone know if I need both an ISE Premier License + Secure Client premier license for doing Posture.

Or is the Secure Client premier license only required for when doining posture without ISE?

I found this regarding license requirements here, which made me a bit confused. If I read this right, it seems like any Secure Client license will work https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/usecase/endpoint-compliance-using-secure-client-ise-posture-module-and-mc.html 

 

Licenses

  • ISE Premier license.

  • One of the following Secure Client licenses:

    Secure Client Premier, Secure Client Advantage, or Secure Client VPN Only.

  • Management center Essentials (formerly Base) license must allow export-controlled functionality.

Thanks

/Chess

 

 

 

 

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎12-17-2023 03:53 AM

as per i know you need  ISE premier top license that covers for ISE Posture you can find below license models :

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/ise-licensing-guide-og.html

Or is the Secure Client premier license only required for when doining posture without ISE?

you need some kind of mechanism for the Posture to kicking when the device come online - that is possible with ISE 802.1x with posture.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rob Ingram
VIP
VIP

‎12-17-2023 04:19 AM

@Chess Norris well the Cisco Secure Client licensing guide confirms - "The second offer is Secure Client Premier, which includes more advanced services such as endpoint Posture (for Secure Firewall) , or ISE Posture through the Cisco Identity Services Engine).

https://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/secure-client-og.html

I'd probably confirm with your Cisco partner.

Chess Norris
Level 4
Level 4

‎12-17-2023 09:48 AM - edited ‎12-17-2023 09:49 AM

Thanks for the suggestions. This is just for a lab setup, but I am currious if the posture function will work if I just have Secure Client Plus and not premier licenses? Maybe it will work but it will be "out of compliance"? On the ISE server I already have the premier license. 

Thanks

/Chess

0 Helpful

Rob Ingram
VIP
VIP
In response to Chess Norris

‎12-17-2023 09:55 AM

@Chess Norris You should be fine running an evaluation license to test the ISE posture features. If doing ISE posture for VPN on an FTD you just need to run the FMC as eval and assign the correct AnyConnect/Secure Client license to the FTD in order to use that functionality.

Chess Norris
Level 4
Level 4

‎12-19-2023 01:07 AM

I was able to get som AnyConnect Apex (premiere) lab licenses from the Global Security Sales Organization (GSSO). They are valid for 90 days, so should give me enough time to test Posture.

/Chess

0 Helpful
Customers Also Viewed These Support Documents