Skip to main content
Cisco Meraki Documentation

Remote Access - Client-based Posture

  1. Last updated
  2. Save as PDF

Client-based Posture

Client-based Posture, will verify any combination of the following requirements on the endpoint before allowing that endpoint to connect to the Secure Connect cloud.

  1. Certificate
  2. Operating System type and version
  3. Anti-Malware
  4. Firewall
  5. Disk encryption

Posture check utilizes the AnyConnect/Cisco Secure Client Secure Firewall Posture module (formally known as hostscan). Certificates on the client device need to be a 1 to 1 match to what is uploaded into the dashboard and should be placed in either the Trusted People, Trusted Publisher, Enterprise Trust, or Personal certificate stores (either local user or local machine as both are checked).

To enable Endpoint Posture for Client-based access, you can

  • Click View configuration under Client-based posture in Secure Connect -> Identities & Connections -> Remote Access page

Client-based posture.png

  • Or go to Secure Connect -> Policies -> Endpoint Posture -> Client-based access

Click the pencil icon to edit each type of postures you want to enable. 

1 Open Page.png

  1. Certificate Requirements - The system will verify the endpoint has a specific certificate(s) before allowing it to connect to the network.

2.1 Certificate.png

2.2 Certificate.png

  1. Operating System Requirements - The system will verify the endpoint is running the specified operating systems (OS) and OS versions before allowing it to connect to the network. You can define timeframe for users to upgrade to required version as well.

3.1 OS.png

3.2 OS.png

  1. Anti-Malware Requirements - The system will verify the endpoint is running the specified anti-malware software before allowing it to connect to the network. Choose the operating system(s) and select the anti-malware software from the drop down.

4.1 Anti-Malware.png

4.3 Anti-Malware.png

Here is an example of when the admin choose Mac OS X, you can select multiple operating systems based on your needs. You can also define timeframe for users to upgrade to required version as well.

4.4 Anti-Malware.png

  1. Firewall Requirements - The system will verify the endpoint is running a local firewall application before allowing it to connect to the network. Choose the firewall software provider from the dropdown.

5.1 Firewall.png

Here is an example of when the admin choose Windows, you can select multiple operating systems based on your needs. 

5.3 Firewall.png

  1. Disk Encryption Requirements - The system will verify the endpoint has disk encryption enabled before allowing it to connect to the network. Choose the disk encryption software provider from the dropdown.

6.1 Disk Encryption.png

Here is an example of when the admin choose Linux, you can select multiple operating systems based on your needs. 

6.3 Disk Encryption.png

 

If you want to learn more on how to deployment Remote Access, please refer to Remote Access Deloyment.