Cisco Secure Connect - ZTNA Endpoint Posture Profile
Overview
An endpoint posture profile is an optional security requirement that can be attached to ZTA rules. Posture ensures that the connecting endpoint meets the security requirements defined in the profile. This document covers ZTNA client-based and browser-based posture profiles.
Profile Config
- Navigate to Secure Connect -> Policies -> Endpoint Posture
- Select Zero trust network access and Browser-based access
- In the upper right corner, click + Add profile
Client-based Access ZTNA Posture
Client-based ZTNA posture supports the following posture checks for Windows, macOS, Apple iOS and Samsung endpoints. The example and table below document the supported checks across the different operating systems.
- After clicking + Add profile, give your posture profile a descriptive Profile name and select Client-based
- Proceed by configuring at least 1 of the following posture conditions:
Example Posture
Checks & Operating Systems Support
| Check | Windows | macOS | Apple iOS | Samsung (Android) |
| --- | --- | --- | --- | --- |
| Operating System | Yes | Yes | Yes | Yes |
| Firewall | Yes | Yes | No | No |
| Endpoint Security Agent | Yes | Yes | No | No |
| System Password | Yes | Yes | No | No |
| Disk Encryption | Yes | Yes | No | No |
- Operating Systems
  - Checks the version of the operating system
  - Offers the following grace periods (0 days, 2 weeks, 1 month, 2 months, 3 months)
- Firewall
  - Checks that the OS native firewall is active
- Endpoint Security Agent
  - Checks that specific endpoint security agents are installed on the endpoint. Example: Cisco Secure Endpoint or CrowdStrike
- System Password
  - Checks that the connecting endpoint has a password enabled.
- Disk Encryption
  - Checks that the OS native disk encryption is enabled.
Browser-based Access ZTNA Posture
Browser-based Access ZTNA posture is based on the user agent provided by the endpoint's browser. Endpoints with a modified user agent can cause issues with browser-based posture.
- After clicking + Add profile, give your posture profile a descriptive Profile Name and select Browser-based
- Proceed by configuring at least 1 of the following posture conditions:
Example Browser Posture
Operating System Requirement
Operating system and browser version is no longer supported. If you require location-based restrictions, work with support or your Cisco Sales rep to request the feature.
- Select the operating system(s)
- Add the requirement via the Add to profile button
Browser Requirement
- Select the desired browser(s)
- Add the requirement via the Add to profile button
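The following added example (not Cisco's code, and not taken from the original page) sketches how a browser-based posture decision can be derived from the User-Agent header, and why a modified user agent fails the check. The classification rules, profile keys, browser names and sample User-Agent strings are all assumptions constructed for illustration.

```python
import re

# Assumed classification rules (not Cisco's). Order matters: an Edge UA also
# contains "Chrome/" and "Safari/", and a Chrome UA also contains "Safari/".
BROWSER_RULES = [
    ("Edge", re.compile(r"\bEdg/\d")),
    ("Firefox", re.compile(r"\bFirefox/\d")),
    ("Chrome", re.compile(r"\bChrome/\d")),
    ("Safari", re.compile(r"\bVersion/[\d.]+ .*Safari/\d")),
]
# iOS is tested first because its UA says "like Mac OS X".
OS_RULES = [
    ("Apple iOS", re.compile(r"\((?:iPhone|iPad);")),
    ("Android", re.compile(r"\bAndroid \d")),
    ("Windows", re.compile(r"\bWindows NT \d")),
    ("macOS", re.compile(r"\bMac OS X \d")),
]

def classify(user_agent):
    """Return (os, browser) parsed from the header; None where nothing matches."""
    ua = user_agent or ""
    os_name = next((n for n, rx in OS_RULES if rx.search(ua)), None)
    browser = next((n for n, rx in BROWSER_RULES if rx.search(ua)), None)
    return os_name, browser

def evaluate(profile, user_agent):
    """Check each configured condition; an unclassifiable value fails closed."""
    detected = dict(zip(("operating_systems", "browsers"), classify(user_agent)))
    for condition, allowed in profile.items():
        value = detected[condition]
        if value is None:
            return False, f"{condition}: not identifiable from user agent"
        if value not in allowed:
            return False, f"{condition}: {value} not in profile"
    return True, "all configured conditions met"

# Constructed sample profile and User-Agent strings.
PROFILE = {"operating_systems": {"Windows", "macOS"}, "browsers": {"Chrome", "Firefox"}}
CHROME_WIN = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
EDGE_WIN = CHROME_WIN + " Edg/120.0.0.0"
SAFARI_IOS = ("Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 "
              "(KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1")
MODIFIED = "InternalKiosk/1.0"  # modified UA: no recognisable OS or browser token

if __name__ == "__main__":
    for ua in (CHROME_WIN, EDGE_WIN, SAFARI_IOS, MODIFIED):
        print(evaluate(PROFILE, ua), "<-", ua[:40])
```

Because the header is supplied by the client, a posture result derived from it reflects what the browser reports rather than a measured property of the device.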
Location Requirement
Location-based restrictions are no longer supported. If you require location-based restrictions, work with support or your Cisco Sales rep to request the feature.