Configuring ISE Compliance Services
LAB: Configuring ISE Compliance Services
The topology to configure in this lab is shown below.
- Configure ISE to retrieve the posture update configuration from Cisco online.
- Configure the general posture settings for global posture processing.
- Review the posture lease setting and modify the Demo Self-Reg Portal for guest compliance.
- Configure dACLs for use in compliance-based access.
- Configure the authorization profiles that will be used in compliance-based processing.
- Modify the Wired_Access policy set to process access based on compliance status.
Here we will do a manual posture update on ISE. Navigate to Work Centers | Posture | Overview and, in this section, select Posture Updates.
Ensure that the Update URL is set to the default. Enable "Automatically check for updates starting from initial delay". Once the initial download is done, incremental updates will follow automatically from Cisco. Click Save and then Update Now. Refer to the figure below.
Once the update is done, you will see all the update information provided by Cisco. Refer to the figure above for details.
Posture General Settings:
Navigate to Work Centers | Posture | Settings and click Posture General Settings.
These settings are used when there is no matching profile under the client provisioning policy. We will configure the client provisioning policy later; for now we are configuring the baseline it requires.
Follow the configuration shown in the figure below and, once done, click Save.
Navigate to Work Centers | Guest Access | Configure | Guest Portals and edit the Demo Self-Reg Portal.
Scroll down to Guest Device Compliance Settings and enable Require Guest Device Compliance.
Scroll up and click Save.
Navigate to Administration | Device Portal Management | Settings | Retry URL, configure the Retry URL as shown in the figure below, and click Save.
Here we will configure a compliance policy check.
Step 1: Create a dACL for Compliance
Navigate to Work Centers | Posture | Policy Elements. In the left pane, click Downloadable ACLs, then click Add.
Create the Posture Remediation dACL to match the figure below. Once done, click Submit.
Create the AD Login Access dACL to match the figure below. Once completed, click Submit.
Create the Internet Only dACL to match the figure below.
A URL redirect ACL needs to be configured on the switch. Modify the switch ACL as shown in the screenshots below.
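The following check for the switch URL redirect ACL is an added example, not part of the original lab. In an IOS redirect ACL, permit means "redirect this traffic to the portal" and deny means "do not redirect". The ACL name, the ISE address 192.0.2.10, the portal port 8443 and the sample ACLs are assumptions constructed for illustration; use the values from your own lab.

```python
# Added example: lint a switch URL-redirect ACL (permit = redirect, deny = bypass).
# All addresses, names and ACLs below are constructed sample values.
PORTS = {"domain": 53, "www": 80}

def parse_ace(line):
    """Parse 'permit|deny proto src dst [eq port]'; src/dst are 'any' or 'host IP'."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    addrs = []
    while len(addrs) < 2:
        if rest[0] == "any":
            addrs.append(None); rest = rest[1:]
        elif rest[0] == "host":
            addrs.append(rest[1]); rest = rest[2:]
        else:
            raise ValueError("unsupported address form: " + line)
    port = None
    if rest[:1] == ["eq"]:
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return action, proto, addrs[0], addrs[1], port

def is_redirected(acl, proto, dst_ip, dst_port):
    """First-match evaluation; no match falls to the implicit deny (not redirected)."""
    for action, a_proto, _src, a_dst, a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if a_dst is not None and a_dst != dst_ip:
            continue
        if a_port is not None and a_port != dst_port:
            continue
        return action == "permit"
    return False

def lint(acl_text, ise_ip, portal_port=8443):
    acl = [parse_ace(l) for l in acl_text.splitlines()
           if l.split()[:1] in (["permit"], ["deny"])]
    findings = []
    if is_redirected(acl, "udp", "198.51.100.53", 53):
        findings.append("DNS is redirected: clients cannot resolve the portal name")
    if is_redirected(acl, "tcp", ise_ip, portal_port):
        findings.append("ISE traffic is redirected: portal and posture agent unreachable")
    if not is_redirected(acl, "tcp", "203.0.113.80", 80):
        findings.append("HTTP is not redirected: browser never reaches the portal")
    return findings

GOOD = """ip access-list extended ACL-POSTURE-REDIRECT
 deny udp any any eq domain
 deny ip any host 192.0.2.10
 permit tcp any any eq www
 permit tcp any any eq 443"""
BAD = """ip access-list extended ACL-POSTURE-REDIRECT
 permit ip any any"""
print(lint(GOOD, "192.0.2.10"), lint(BAD, "192.0.2.10"))
```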