cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
698
Views
1
Helpful
2
Replies

Passive-ressessment issue

Attila Horvath
Level 1
Level 1

Hi,

Tried to implement 1 day Posture lease time with 4 hours PrA.

If I switch on Reassessment Enforcement, and re-connect  a Compliant machine again to net,

it is force a posture check every time.

At ISE posture logs I see a Compliant entry ("Bypass posture since the endpoint is compliant" ),

but immediately afterwards I see a

PRA INFO: PRA is starting

and after this the client preforms a complete re-check.

Why?

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

What you are seeing is expected. Since the initial posture is by-passed due to posture lease, the user will get compliant access right away and then PrA will kick off in place of the initial assessment to start off the timer.

Screen Shot 2017-10-21 at 4.56.39 PM.pngScreen Shot 2017-10-21 at 5.22.52 PM.png

View solution in original post

2 Replies 2

kthiruve
Cisco Employee
Cisco Employee

Hi.

Please make sure the you have a authz policy with condition that includes session: Agent-request-type = Periodic reassessment.

Periodic reassessment requires machine to be compliant and also choose the appropriate option when configuring Periodic reassessment

from Administration>System>Setting>Posture>Reassessment, choose the enforcement type continue.

Thanks

Krishnan

hslai
Cisco Employee
Cisco Employee

What you are seeing is expected. Since the initial posture is by-passed due to posture lease, the user will get compliant access right away and then PrA will kick off in place of the initial assessment to start off the timer.

Screen Shot 2017-10-21 at 4.56.39 PM.pngScreen Shot 2017-10-21 at 5.22.52 PM.png

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: