CLIENT VPN POSTURE AND REMEDIATION

Doke
Here to help

CLIENT VPN POSTURE AND REMEDIATION

I would like to perform system health checks to clients connecting to our VPN remotely, to make sure at the very least they are compliant with antivirus. Is there any way to do this in Meraki MX100? I believe the answer is no. It appears they have a bad implementation that is Java based for internal wifi connection, however if i am correct if you don't have Java you can blow right by it. I mean can we get a little help here from CISCO ISE? that would be FABULOUS. Please let me know what you all have done to meet this need?

6 REPLIES 6
Terrence
Here to help

Under Security appliance, access control

turn on splash page (click-through or sign-on with)

Under the Netwrok acess control section there is an option to check clients for antivirus software

 

Hope this helps

 

 

CMNO, Dell Certified, A+

Yeah that is the Java based implementation i was referring to, if you are on a mac or dont have java installed you can blow by it.

PhilipDAth
Kind of a big deal
Kind of a big deal

I have not tried this with VPN ...

 

If Systems Manager is install you can have group policy dynamically assigned based on the state of things like antivirus.  However it normally does not rectify or update itself very quickly.

 

Some sample screenshots ("block gambing" is a test policy we use - as well, it is easy to test things but not get in the way of normal business):

 

Screenshot from 2018-04-06 06-50-56.pngScreenshot from 2018-04-06 06-51-46.png

These systems will not be on the domain and possibly not accountable to group policy in this aspect.if my brain is working correctly.

PhilipDAth
Kind of a big deal
Kind of a big deal

Systems Manager does not care if a machine is on the domain or what your group policy is.  It just checks the machine state.

you meant policy on the Meraki gotcha, i see where you are talking about. it peaks my interest ill take a look at it. guess it boils down to options after the policy is created on what to do with them.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels