These are questions that I believe only Meraki's engineering team will know how to answer.
Yeah maybe! Just wanted to see if anyone in the community had some experience around this.
I believe this documentation can help you.
I have read this article (have a link to it in the post). The last section explains the limited profiling capabilities with Meraki and ISE, but I want to believe there is more support to it with pxGrid or similar, as other vendors have solved it!
I don't know the answer.
With AnyConnect there is an "ISE Compliance" module. This can talk to ISE, letting ISE get detailed information about the machine. I've never used this module.
There is also a NAM module, which is basically 802.1x but integrated into the same AnyConnect and compliance environment.
You can use both of these without the VPN module.
Also note that the whole system is now called "Cisco Secure Client".
There is some info about using it here:
https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/usecase/endpoint-compliance-using-sec...
Thanks. Im very familiar with these modules and worked with them before. The modules are great but only works on devices that have support for an agent. The profiling scenarios i'm interested in has to agent-less as most devices that are of interest can't run an agent unfortunately.
Thank you for the link, I appreciate you.
I want to thank you for your responses and help with the questions I had. I will create a case to Meraki and Cisco to see if there is a way to use ISE pxGrid to fetch information from Meraki's API and use that information to make decisions about authorizations.
If anyone is interested in this use case, I can return later to this post and summarize my findings 🙂
Best regards,
arom