06-20-2018 08:33 PM
Hi,
I just want to confirm my understanding that Anyconnect agent do posture verification at PRA interval without applying unknown/non-compliant posture profile having restricted access(DACL).
User will have full production access while carrying out periodic posture reassessment or verification. And he will get remediated if posture is non-compliant.
Is my understanding correct?
Regards,
D.M.Gore
Solved! Go to Solution.
06-21-2018 04:10 AM
06-21-2018 04:10 AM
Yes
06-25-2018 09:44 PM
Thx for confirmation.
We also observed that non-compliant posture profile does not get applied not only during verification but also at remediation window. User has production access during remediation window. Non-compliant posture profile gets applied only after he is not able to remediate within remediation window.
Is there any setting that will invoke posture verification after system declared as non-compliant. Reason we are asking is that, customer will remediate non-compliant system. But there is no method that ISE again do posture verification and allow production access to that remediated system.
06-27-2018 01:02 PM
in anyconnect 4.6 there is a rescan function, before that release user would have to unplug or disconnect wireless and reconnect
Posture Rescan—AnyConnect users now have the option to manually restart posture at any point of time.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide