Skip to main content
Cisco Meraki Documentation

Cisco Secure Connect - ZTNA Endpoint Posture Profile

Overview

Endpoint posture profiles is an optional security requirement that can be attached to ZTA rules. Posture ensures the endpoint connecting meets the security requirements defined in the profile. This document covers ZTNA client and browser-based posture profiles.

Profile Config

clipboard_eda7bc22d78adab7d8c787eb49a95ab5d.png

  1. Navigate to Secure Connect -> Policies -> Endpoint Posture
  2. Select Zero Trust network access and Browse-based access
  3. In the upper right corner, click +Add Profile

Client-based Access ZTNA Posture

Client-based ZTNA posture the following posture checks for Windows, macOS, Apple iOS and Samsung endpoints. The example and table below document the supported checks across the different operating systems.  

  1. After hitting +Add profile, give your posture profile a good descriptive Name and select client-based
  2. Proceed by configuring at least 1 of the following posture conditions:

Example Posture

clipboard_e503e448fc2421e8f30f66a6c7eb8730c.png

Checks & Operating Systems Support

Check Windows macOS Apple iOS Samsung (Android)
Operating System  Yes Yes Yes Yes
Firewall Yes Yes No No
Endpoint Security Agent Yes Yes No No
System Password Yes Yes No No
Disk Encryption  Yes Yes No No

 

  • Operating Systems 
    • Check the version of the operating system
    • Offers a the following grace periods (0 days, 2 weeks, 1 month, 2 months, 3 months)
  • Firewall
    • Checks that the OS native firewall is active
  • Endpoint Security Agent
    • Checks that specific endpoint security agents are installed on the endpoint. Example: Cisco Secure Endpoint or Crowdstrike
  • System Password
    • Checks that the connecting endpoint has a password enabled. 
  • Disk Encryption 
    • Checks that the OS native disk encryption is enabled.

 

Browser-Based Access ZTNA Posture 

Browser-based Access ZTNA posture is based on the provided user-agent by the endpoint browser. Endpoints with user agent modified can cause issues with browser-based posture. 

  1. After hitting +Add profile, give your posture profile a good descriptive Name and select browser-based
  2. Proceed by configuring at least 1 of the following posture conditions:

Example Browser Posture

clipboard_e07f848894048d1e5638ac90f66d512e9.png

Operating System Requirement

  • Select the operating system(s)
  • Add the requirement via the Add to profile button
  • Specify the grace period to upgrade to the latest 
    • Offers a the following grace periods (0 days, 2 weeks, 1 month, 2 months, 3 months)

clipboard_e5eec233158eb90fc5908c2905fafb0c4.png

 

Browser Requirement 

  • Select the desired browser(s)

  • Add the requirement via the Add to profile button

clipboard_e05a18c421ebe5309de14f526c2fada8e.png

Location Requirement

Location-based restrictions are no longer supported. If you require location-based restrictions, work with support or your Cisco Sales rep to request the feature.