You are here
SEC0279 - ISE 2.2 Posture Assessment with AnyConnect Client (Part 2)
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video looks at posture assessment with AnyConnect on Cisco ISE 2.2. The main focus will be new posture checks introduced in recent ISE version, App Collection, Windows Firewall and Anti-Malware. Using wired Windows 10, we will step through the posture assessment process, starting with AnyConnect download, and, test auto-remediation to bring the machine to a compliant state. The video closes with ability to control applications with App Control.
Part 2 of this video covers Authorization Policy configuration and AnyConnect download
Topic:
- Posture Workcenter
- Authorization Policies
-
Policy Elements
- Results (Authorization Profile, dACL, VLAN)
- Client Provisioning Policies
- Client Provisioning Portal
- AnyConnect Posture Profile and Configuration
- Cisco AnyConnect Client with ISE Posture Module (Windows)
- Posture Compliant/Non-Compliant/Unknown States
-
Posture Policies
- App Collection
- Windows Firewall
- Windows Defender Anti-Malware
- Posture Remediation
- Application Control
7 comments
GuestAccess
Hello. Thank you, for your sharings. I want to clarify one thing. I want to make posture for Sponsored Guest Access network. I enabled it in CWA portal edit and created provisioning policy by condition "Guest Flow". After i enter guest username password it forwards me provisionin page as it was shown on flow. I accep java things and etc., but after i do everything no NAC Agent is downloaded. It just says "IP address renewal ...." and gives me internet access.
GuestAccess
Just to clearify. Are you trying to use AnyConnect Posture Agent or NAC Web Agent?
Anyconnect Posture Module with SCCM
HI,
I would like to deploy Anyconnect posture module with SCCM software distribution. How would i push the posture profile or the config to posture module?
Regards,
MD
Anyconnect Posture Module with SCCM
Please refer to Cisco AnyConnect doc. It shows you how to put together a package and which directory to put them in. Below is also a post on Cisco community on the topic.
https://community.cisco.com/t5/policy-and-access/anyconnect-deploy-with-sccm-help/td-p/3000498
Redirect ACL not working for WLC
I have created redirect ACL at WLC the same way as mentioned in video for Switch but seems it is not working, is there any specific config for WLC posturing.
Thanks
Redirect ACL not working for WLC
Which WLC model are you using? Do you see redirect ACL in the client session? What exactly is not working?
Redirect ACL not working for WLC
It worked, we just need to make an opposite of redirect ACLon WLC as compared to ASA, your videos helps a lot, thanks.
MandeeP