Cisco Meraki Documentation

Remote Access - VPN Access Posture

VPN Posture

VPN Posture verifies any combination of the following requirements on the endpoint before allowing that endpoint to connect to the Secure Connect cloud:

  1. Certificate
  2. Operating System type and version
  3. Anti-Malware
  4. Firewall
  5. Disk encryption

The posture check uses the Cisco Secure Client Secure Firewall Posture module (formerly known as HostScan). A certificate on the client device must be a 1-to-1 match to the certificate uploaded to the dashboard, and it should be placed in one of the Trusted People, Trusted Publisher, Enterprise Trust, or Personal certificate stores. Both the local user and local machine stores are checked, so either location works.
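One way to confirm, before enabling the certificate requirement, that a Windows endpoint holds the uploaded certificate in one of the stores listed above. This PowerShell script is an added example, not Cisco's code; it assumes the dashboard certificate has been exported to a `.cer` file (the path in the comment is a placeholder) and that an equal thumbprint is an adequate stand-in for the 1-to-1 match.

```powershell
# Added example: look for the dashboard certificate in the stores the posture
# check reads, in both the current-user and local-machine locations.
param(
    [Parameter(Mandatory)]
    [string]$ReferenceCertPath   # placeholder, e.g. C:\Temp\posture-cert.cer
)

# Store name as shown on this page -> store name under the Cert: drive
$stores = [ordered]@{
    'Personal'          = 'My'
    'Trusted People'    = 'TrustedPeople'
    'Trusted Publisher' = 'TrustedPublisher'
    'Enterprise Trust'  = 'Trust'
}
$locations = 'CurrentUser', 'LocalMachine'

# Load the reference certificate; its thumbprint is the hash of the full
# encoded certificate, so a match means the same certificate, not just the
# same subject name.
$reference = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path -LiteralPath $ReferenceCertPath).Path)

$found = foreach ($location in $locations) {
    foreach ($entry in $stores.GetEnumerator()) {
        $path = "Cert:\$location\$($entry.Value)"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        Get-ChildItem -LiteralPath $path |
            Where-Object { $_.Thumbprint -eq $reference.Thumbprint } |
            ForEach-Object {
                [pscustomobject]@{
                    Location = $location
                    Store    = $entry.Key
                    Subject  = $_.Subject
                    NotAfter = $_.NotAfter
                }
            }
    }
}

if ($found) {
    $found | Format-Table -AutoSize
} else {
    Write-Warning "Certificate $($reference.Thumbprint) was not found in any checked store."
    exit 1
}
```

A certificate with the right subject but a different thumbprint (for example, a reissued certificate) is reported as missing, which is the case to look for when an endpoint unexpectedly fails the certificate requirement.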

To enable Endpoint Posture for client-based access, you can either:

  • Click View configuration under Client-based posture on the Secure Connect -> Identities & Connections -> Remote Access page

  • Or go to Secure Connect -> Policies -> Endpoint Posture -> VPN access

Click the pencil icon to edit each type of posture you want to enable.

  1. Certificate Requirements - The system will verify the endpoint has a specific certificate(s) before allowing it to connect to the network.

  2. Operating System Requirements - The system will verify the endpoint is running the specified operating systems (OS) and OS versions before allowing it to connect to the network. You can also define a timeframe for users to upgrade to the required version.

  3. Anti-Malware Requirements - The system will verify the endpoint is running the specified anti-malware software before allowing it to connect to the network. Choose the operating system(s) and select the anti-malware software from the dropdown.

Here is an example of when the admin chose Mac OS X; you can select multiple operating systems based on your needs. You can also define a timeframe for users to upgrade to the required version.

  4. Firewall Requirements - The system will verify the endpoint is running a local firewall application before allowing it to connect to the network. Choose the firewall software provider from the dropdown.

Here is an example of when the admin chose Windows; you can select multiple operating systems based on your needs. 

  5. Disk Encryption Requirements - The system will verify the endpoint has disk encryption enabled before allowing it to connect to the network. Choose the disk encryption software provider from the dropdown.

Here is an example of when the admin chose Linux; you can select multiple operating systems based on your needs. 

To learn more about how to deploy Remote VPN Access, please refer to Remote Access Deployment.