View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Home » Security » SEC0200 - ISE 1.3 Guest Access Posture Compliance

SEC0200 - ISE 1.3 Guest Access Posture Compliance

Rating: 
5
Average: 5 (1 vote)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Category: 
Security
The video extends our knowledge on Cisco ISE 1.3 posture assessment to guest computers, specifically Windows, that do not have NAC Agent installed. Continuing on from our previous guest videos, we will enable device compliance check using temporal NAC web Agent. We will perform basic Antivirus software install check and look at both situations where the posture check passes and fails, in which case, we will also perform remediation.
 
Topic:
  • Guest Portal (Device Compliance)
  • Logical Profile
  • Authentication Policy
  • Policy Element Result
    • Authorization (dACL ACL)
    • Authorization (Authorization Profile)
  • Authorization Policy
  • Posture Policies
  • Client Provisioning Policies
  • Cisco Web Agent (Windows)
  • NAC Compliant/Non-Compliant/Unknown States
  • ClamWin Antivirus
Tag: 
ISE
ise 1.3
wired
posture
web agent

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
http://www.linkedin.com/in/methachiewanichakorn

8 comments

Submitted by vinupeter on Tue, 06/23/2015 - 05:55

what will happen to Mobile devices in terms of compliance ? will they skip the posture validation ?

Submitted by admin on Thu, 06/25/2015 - 21:26

Most likely the device will be stuck in the unknown state. If you expect mobile devices, you might need to come up with two different policies, one using Windows Device as condition and redirect to the guest posture and another to catch all devices and pass them right through without posture.

Submitted by admin on Tue, 06/30/2015 - 15:16

Just tested with an iPhone and it looks like it bypasses the posture check completely and automatically become compliant.

Submitted by mehtas02 on Mon, 08/17/2015 - 07:20

Hi,

In the Posture checks, can we check if a mobile device is jailbroken or not. If yes, please can you advise how to put the rule in.

Regards
Sachin

Submitted by admin on Mon, 08/17/2015 - 21:53

For posture check on mobile devices, an MDM integration is required. Please see the videos below.

http://www.labminutes.com/sec0114_ise_12_byod_mdm_integration_1
http://www.labminutes.com/sec0193_ise_13_byod_meraki_mdm_integration_1

Submitted by Hz177799 on Thu, 10/15/2015 - 12:10

It s not working with nac agent

Submitted by spark_rod on Thu, 09/08/2016 - 01:35

Can we use the AnyConnect agent instead of NAC web agent for the guest? We want to guest to use anyconnect client for posturing.

Submitted by admin on Sun, 09/11/2016 - 11:44

We never tried this but you should be able redirect user to client provisioning portal after guest succesful login to have them download Anyconnect and posture module although some guest might not be willing to do this as it install new software on their machines.

Poll

Vote for the Next Video Series