AnyConnect Posturing with DUO Device Trust
AnyConnect Posturing with DUO Device Health App
For additional AnyConnect information, refer to the AnyConnect configuration guide.
The definition of the workplace has evolved rapidly in the last two years, and security requirements have continued to change with it. Posturing has become more important for ensuring that a client device attempting to connect to your environment meets certain security requirements, irrespective of where it is connecting from.
To set up posturing with DUO, these requirements must be met:
1. An MX running firmware version 16.16+ or 17.6+
2. AnyConnect authentication set to SAML with DUO as the Identity Provider
3. DUO Beyond subscription
4. Device Health Policy configured in DUO
Posturing of AnyConnect remote access users can be accomplished with DUO Device Trust. The screenshot below shows a device health policy configured within DUO to block access for users that have their client Firewall turned off.
Policy enforcement and User Remediation: We can see DUO Identify enforcing the configured policy by leveraging data from the Device Health App running on the client to enforce the Firewall policy requirement. The user is prompted to turn on the Firewall on their device before they can connect to the AnyConnect VPN Server.
For more information and details on configuration see:
How to configure DUO Device Trust.
For Meraki-related inquiries, contact meraki-anyconnect-beta@cisco.com