Author Topic: AND THE CONFIG IS COMPLETED (Read 15843 times)

adecisco · « **on:** December 02, 2013, 02:16:55 AM »

The project so far is that the configuration is completed. Moving to phase of rolling out.

The earlier issues is solved WSUS is now working fine and Window update remediation is work perfectly well.

I am available for anybody who need answer question and clarifications if you are deploying the same.

MC · « **Reply #1 on:** December 02, 2013, 09:50:43 PM »

Glad to here things are working well

. Could you shed some light on the WSUS issue and what the fix was?

adecisco · « **Reply #2 on:** December 03, 2013, 07:09:53 AM »

Yeah the catch is between selecting severity check and Cisco define check. For some reason with severity check Agent will not be able to contact WSUS and will not be able to cross check the update.

Please an issues just came up AV fails automatic remediation. I thought it's the simplest until I encounter it. The anti-virus server is McAfee is there any way out of this?

Also is there a way of filtering posture check summary from agent to only failed posture.

Find in the attached.

Your urgent response will be appreciated.

Thanks.

MC · « **Reply #3 on:** December 03, 2013, 01:48:38 PM »

You would want to find out if the NAC agent (actually it's the AV agent) even try to talk to the AV server using packet capture. If it does not, double check the remediation configuration.
Could you elaborate on the filtering posture check? Not sure if I know what you mean.

adecisco · « **Reply #4 on:** December 03, 2013, 07:40:17 PM »

Really packet capture shows that the packet is not reaching the server during posture but what I notice is if authc is using DOT1X I could not ping though ICMP is allowed but MAB I could ping.

By filter I mean you want to limit security check summary report as indicated in the attached document to only fail posture. You want to remove the pass posture so that user does not need to know what posture is looking for.

MC · « **Reply #5 on:** December 03, 2013, 11:58:36 PM »

If there is no packet reaching the server, you will need to figure out if the agent is trying but being blocked by the DACL or it does not even try. Can you run packet capture on the client itself and see which is the case?

I don't think you have any control on which posture results are shown to the users. When everything passes, they shouldn't see the list unless the user clicks on the NAC agent icon. When something fails, the whole list is shown to the user for both pass and fail.

adecisco · « **Reply #6 on:** December 04, 2013, 12:13:06 AM »

Thanks MC,

I have sorted out the issues. The problem here is with RACL so what I have to do is invert DACL and specifically use the inverted for RACL and that sort things out.

It's amazing how ACL redirection can be a big pain is not properly handle.

I appreciate you..

Search

User Info

Author Topic: AND THE CONFIG IS COMPLETED (Read 15843 times)

adecisco

AND THE CONFIG IS COMPLETED

MC

Re: AND THE CONFIG IS COMPLETED

adecisco

Re: AND THE CONFIG IS COMPLETED

MC

Re: AND THE CONFIG IS COMPLETED

adecisco

Re: AND THE CONFIG IS COMPLETED

MC

Re: AND THE CONFIG IS COMPLETED

adecisco

Re: AND THE CONFIG IS COMPLETED

Related Topics