View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0279 - ISE 2.2 Posture Assessment with AnyConnect Client (Part 1)

Rating: 
5
Average: 5 (2 votes)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Video Download: 
Title: SEC0279 - Video Download $21.00
Purchase SEC0279 - Video Download $21.00
The video looks at posture assessment with AnyConnect on Cisco ISE 2.2. The main focus will be new posture checks introduced in recent ISE version, App Collection, Windows Firewall and Anti-Malware. Using wired Windows 10, we will step through the posture assessment process, starting with AnyConnect download, and, test auto-remediation to bring the machine to a compliant state. The video closes with ability to control applications with App Control.
 
Part 1 of this video covers Client Provisioning Policy and Posture Profile configuration
 
Topic:
  • Posture Workcenter
  • Authorization Policies
  • Policy Elements
    • Results (Authorization Profile, dACL, VLAN)
  • Client Provisioning Policies
  • Client Provisioning Portal
  • AnyConnect Posture Profile and Configuration
  • Cisco AnyConnect Client with ISE Posture Module (Windows)
  • Posture Compliant/Non-Compliant/Unknown States
  • Posture Policies
    • App Collection
    • Windows Firewall
    • Windows Defender Anti-Malware
  • Posture Remediation
  • Application Control

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new Cisco technologies.

5 comments

Thank you so much.

Hi labminutes,

I have some questions about Posture Assessment, please help me answers it.

1. As i see in your videos, client connect to network and will be redirect to web portal to download AnyConnect Agent for Posture Assessment. So, can i download AnyConnect Agent and install for client through AD's GPO before client connect to network. And then, when they connect to network, AnyConnect will automaticly do Posture Assessment. Can i do that ?

2. With software in support list of Cisco like Symantec EndPoint Protection, i can check it install/running and latest version. With softwares not in support list of Cisco ISE, i can check them by file conditions, process conditions but can't check are they latest version or not. Do you have any idea for this ?

Many thanks,
Quang

1. Absolutely. Posture Module can be pre-deployed along with AnyConnect client with Posture profile using your software distribution system so the client is ready to run posture assessment first time it connects to the network

2. Correct. If the AV/AS vendor is not supported, there is no way to perform latest update check.

Thanks labminutes for answer my question, Can you explain how can we pre-deployed AnyConnect client ? Cause when we download AnyConnect from Cisco webpage, it doesn't have needed module or point to ISE ip address as a NAC Server like we download directly from ISE ?

This is usually through your software distribution system. For module-specific install, please refer to Cisco doc.

Lab Minutes Classifieds