{"pageModel":{"attributes":{"id":"","name":"121397.dita","viewName":"DitaDetail"},"elements":{"ditaContent":{"name":"DITAContent","value":"<article id=\"add-a-vpn-connection-posture-profile\" class=\"topic task\">\r\n<h1 class=\"title topictitle1\">Add a VPN Connection Posture Profile</h1>\r\n<div class=\"body taskbody\">\r\n<section class=\"section context\">\r\n<p class=\"p\">Configure a VPN connection posture profile to define posture requirements for end-user devices connecting to the network using VPN. The VPN client must be installed on the end-user device, and Secure Access checks the requirements when the device connects to the network.</p>\r\n<table class=\"olh_note\" border=\"0\" role=\"note\">\r\n<tbody>\r\n<tr>\r\n<td width=\"5%\" class=\"olh_note\" role=\"heading\" border=\"0\" valign=\"top\">\r\n<img src=\"https://www.cisco.com/c/dam/en/us/td/i/esp/icons/icon-notes.svg\">\r\n<br> </td>\r\n<td border=\"0\" class=\"olh_note\">\r\n<div class=\"note__content\">Each requirement is optional. Configure requirements in any order. Endpoints must meet all conditions of any configured requirement.</div>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n</section>\r\n<div class=\"section prereq p\">\r\n<div class=\"tasklabel\">\r\n<h1 font-weight=\"bold\" class=\"sectiontitle tasklabel cB_Bold\">Before you begin</h1>\r\n</div>\r\n<ul class=\"ul\">\r\n<li class=\"li\">Full Admin role in Secure Access. For more information, see  <a data-scope=\"local\" target=\"\" href=\"docs/csa/olh/118836.dita\" title=\"\">Manage Accounts</a>.</li>\r\n</ul>\r\n</div>\r\n<div>\r\n<h3>\r\n<h3 font-weight=\"bold\" class=\"sectiontitle tasklabel cB_Bold\">Procedure</h3>\r\n</h3>\r\n</div>\r\n<table class=\"stepTable\" border=\"0\">\r\n<tbody>\r\n<tr class=\"li step\">\r\n<td align=\"center\" valign=\"middle\" class=\"ordered-number\">1</td>\r\n<td align=\"left\" valign=\"top\" border=\"0\">\r\n<p class=\"ph cmd\">Navigate to <span class=\"menucascade\">\r\n<span class=\"ph uicontrol\">Secure</span> &gt; <span class=\"ph uicontrol\">Profiles</span> &gt; <span class=\"ph uicontrol\">Endpoint Posture Profiles</span></span>.</p>\r\n</td>\r\n</tr>\r\n<tr class=\"li step\">\r\n<td align=\"center\" valign=\"middle\" class=\"ordered-number\">2</td>\r\n<td align=\"left\" valign=\"top\" border=\"0\">\r\n<p class=\"ph cmd\">For <span class=\"ph uicontrol\">VPN Connection</span>, click <span class=\"ph uicontrol\">Add Posture Profile</span>.</p>\r\n<div class=\"itemgroup info\">\r\n<img class=\"image\" src=\"110859.png\" alt=\"Endpoint Posture Profiles page showing option to add new posture profile\" data-src=\"110859.png\" width=\"700\" height=\"\">\r\n</div>\r\n</td>\r\n</tr>\r\n<tr class=\"li step\">\r\n<td align=\"center\" valign=\"middle\" class=\"ordered-number\">3</td>\r\n<td align=\"left\" valign=\"top\" border=\"0\">\r\n<p class=\"ph cmd\">Give your posture profile a good descriptive <span class=\"ph uicontrol\">Name</span>.</p>\r\n</td>\r\n</tr>\r\n<tr class=\"li step\">\r\n<td align=\"center\" valign=\"middle\" class=\"ordered-number\">4</td>\r\n<td align=\"left\" valign=\"top\" border=\"0\">\r\n<p class=\"ph cmd\">\r\n          For the <span class=\"ph uicontrol\">Operating System</span> option, choose the operating systems for your profile. Click <span class=\"ph uicontrol\">Save and Exit</span> or <span class=\"ph uicontrol\">Next</span> to select endpoint security agents.</p>\r\n<div class=\"itemgroup info\"> For more information, seee  <a data-scope=\"local\" target=\"\" href=\"docs/csa/olh/120178.dita\" title=\"\">Supported Operating Systems</a>.<img class=\"image\" src=\"111624.png\" alt=\"Operating System page showing option to select the desired operating system for posture profile and save the changes\" data-src=\"111624.png\" width=\"700\" height=\"\">\r\n</div>\r\n</td>\r\n</tr>\r\n<tr class=\"li step\">\r\n<td align=\"center\" valign=\"middle\" class=\"ordered-number\">5</td>\r\n<td align=\"left\" valign=\"top\" border=\"0\">\r\n<p class=\"ph cmd\">For the <span class=\"ph uicontrol\">Endpoint security agent</span> option, choose the operating systems for your profile. Click <span class=\"ph uicontrol\">Save and Exit</span> or <span class=\"ph uicontrol\">Next</span> to select Windows registry entries.</p>\r\n<div class=\"itemgroup info\"> For more information, see  <a data-scope=\"local\" target=\"\" href=\"docs/csa/olh/120179.dita\" title=\"\">Endpoint Security Agents</a>.<img class=\"image\" src=\"115263.png\" alt=\"Endpoint security agents page showing option to select the desired endpoint security agent for the posture profile and save the changes\" data-src=\"115263.png\" width=\"700\" height=\"\">\r\n</div>\r\n</td>\r\n</tr>\r\n<tr class=\"li step\">\r\n<td align=\"center\" valign=\"middle\" class=\"ordered-number\">6</td>\r\n<td align=\"left\" valign=\"top\" border=\"0\">\r\n<p class=\"ph cmd\">For the <span class=\"ph uicontrol\">Windows registry entries</span> option, choose the operating systems for your profile. Click <span class=\"ph uicontrol\">Save and Exit</span> or <span class=\"ph uicontrol\">Next</span> to select endpoint firewalls.</p>\r\n<div class=\"itemgroup info\">\r\n<p class=\"p\">For more information, see  <a data-scope=\"local\" target=\"\" href=\"docs/csa/olh/120189.dita\" title=\"\">Windows Registry Entries</a>.</p>\r\n<img class=\"image\" src=\"108954.png\" alt=\"Windows registry entries page showing option to select the desired Windows registry entries for the posture profile and save the changes\" data-src=\"108954.png\" width=\"700\" height=\"\">\r\n<table class=\"olh_note\" border=\"0\" role=\"note\">\r\n<tbody>\r\n<tr>\r\n<td width=\"5%\" class=\"olh_note\" role=\"heading\" border=\"0\" valign=\"top\">\r\n<img src=\"https://www.cisco.com/c/dam/en/us/td/i/esp/icons/icon-notes.svg\">\r\n<br> </td>\r\n<td border=\"0\" class=\"olh_note\">\r\n<div class=\"note__content\">The posture check for the Registry Path only requires the navigation path to the directory containing the registry. The key name of the registry should <span class=\"ph uicontrol\">not</span> be included in the registry path.</div>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n</div>\r\n</td>\r\n</tr>\r\n<tr class=\"li step\">\r\n<td align=\"center\" valign=\"middle\" class=\"ordered-number\">7</td>\r\n<td align=\"left\" valign=\"top\" border=\"0\">\r\n<p class=\"ph cmd\">For the <span class=\"ph uicontrol\">Firewall</span> option, choose the firewall for your profile. Click <span class=\"ph uicontrol\">Save and Exit</span> or <span class=\"ph uicontrol\">Next</span> to select disk encryption.</p>\r\n<div class=\"itemgroup info\">For more information, see  <a data-scope=\"local\" target=\"\" href=\"docs/csa/olh/120181.dita\" title=\"\">Firewall Requirements</a>.<img class=\"image\" src=\"110262.png\" alt=\"Firewall page showing option to select the desired firewall for the posture profile and save the changes\" data-src=\"110262.png\" width=\"700\" height=\"\">\r\n</div>\r\n</td>\r\n</tr>\r\n<tr class=\"li step\">\r\n<td align=\"center\" valign=\"middle\" class=\"ordered-number\">8</td>\r\n<td align=\"left\" valign=\"top\" border=\"0\">\r\n<p class=\"ph cmd\">For the <span class=\"ph uicontrol\">Disk encryption</span> option, choose the disk encryption package(s) for your profile. Click <span class=\"ph uicontrol\">Save and Exit</span> or <span class=\"ph uicontrol\">Next </span>to configure any OS file requirements.</p>\r\n<div class=\"itemgroup info\"> For more information, see  <a data-scope=\"local\" target=\"\" href=\"docs/csa/olh/120176.dita\" title=\"\">Disk Encryption</a>.<table class=\"olh_note\" border=\"0\" role=\"note\">\r\n<tbody>\r\n<tr>\r\n<td width=\"5%\" class=\"olh_note\" role=\"heading\" border=\"0\" valign=\"top\">\r\n<img src=\"https://www.cisco.com/c/dam/en/us/td/i/esp/icons/icon-notes.svg\">\r\n<br> </td>\r\n<td border=\"0\" class=\"olh_note\">\r\n<div class=\"note__content\">By default the disk encryption check only detects for the presence of disk encryption software but does not require that particular disk drives are encrypted. On a Windows platform it is possible to require that the default C:\\ drive is encrypted. Reach out to your Cisco team for assistance.</div>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n<img class=\"image\" src=\"112023.png\" alt=\"Disk encryption page showing option to select the desired disk encryption packages for the posture profile and save the changes\" data-src=\"112023.png\" width=\"700\" height=\"\">\r\n</div>\r\n</td>\r\n</tr>\r\n<tr class=\"li step\">\r\n<td align=\"center\" valign=\"middle\" class=\"ordered-number\">9</td>\r\n<td align=\"left\" valign=\"top\" border=\"0\">\r\n<p class=\"ph cmd\">For the <span class=\"ph uicontrol\">File</span> option, specify any files that are required for the operating system. Click <span class=\"ph uicontrol\">Save and Exit</span> or <span class=\"ph uicontrol\">Next </span>to configure any OS process requirements.</p>\r\n<div class=\"itemgroup info\"> For more information, see  <a data-scope=\"local\" target=\"\" href=\"docs/csa/olh/120180.dita\" title=\"\">File Requirements</a>.<img class=\"image\" src=\"113971.png\" alt=\"File page showing option to specify the files required for the operating system and save the changes\" data-src=\"113971.png\" width=\"700\" height=\"\">\r\n</div>\r\n</td>\r\n</tr>\r\n<tr class=\"li step\">\r\n<td align=\"center\" valign=\"middle\" class=\"ordered-number\">10</td>\r\n<td align=\"left\" valign=\"top\" border=\"0\">\r\n<p class=\"ph cmd\">For the <span class=\"ph uicontrol\">Processes</span> option, specify any process that are required for the operating system. Click <span class=\"ph uicontrol\">Save and Exit</span> or <span class=\"ph uicontrol\">Next </span>to configure any endpoint certificates.</p>\r\n<div class=\"itemgroup info\">\r\n<p class=\"p\">For more information, see  <a data-scope=\"local\" target=\"\" href=\"docs/csa/olh/120183.dita\" title=\"\">Process Requirements</a>.\r\n          </p>\r\n<img class=\"image\" src=\"115620.png\" alt=\"Processes page showing option to select the desired processes for the operating system and save the changes\" data-src=\"115620.png\" width=\"700\" height=\"\">\r\n</div>\r\n</td>\r\n</tr>\r\n<tr class=\"li step\">\r\n<td align=\"center\" valign=\"middle\" class=\"ordered-number\">11</td>\r\n<td align=\"left\" valign=\"top\" border=\"0\">\r\n<p class=\"ph cmd\">For the <span class=\"ph uicontrol\">Certificate</span> option, specify up to two certificates to authenticate each endpoint. Click <span class=\"ph uicontrol\">Save and Exit</span> or <span class=\"ph uicontrol\">Next</span> to return to the OS requirements.</p>\r\n<div class=\"itemgroup info\">\r\n<p class=\"p\">For more information, see  <a data-scope=\"local\" target=\"\" href=\"docs/csa/olh/120175.dita\" title=\"\">Certificate Requirements</a>.</p>\r\n<img class=\"image\" src=\"113960.png\" alt=\"Certificate page showing option to specify up to two certificates for endpoint authentication and save the changes\" data-src=\"113960.png\" width=\"700\" height=\"\">\r\n<table class=\"olh_note\" border=\"0\" role=\"note\">\r\n<tbody>\r\n<tr>\r\n<td width=\"5%\" class=\"olh_note\" role=\"heading\" border=\"0\" valign=\"top\">\r\n<img src=\"https://www.cisco.com/c/dam/en/us/td/i/esp/icons/icon-notes.svg\">\r\n<br> </td>\r\n<td border=\"0\" class=\"olh_note\">\r\n<div class=\"note__content\">\r\n            If you select <span class=\"ph uicontrol\">SAML attribute name</span> as a certificate type with the intention of using this profile in a VPN profile, the subject name must match the group attribute statement in your SAML application configuration.\r\n          </div>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n</div>\r\n</td>\r\n</tr>\r\n<tr class=\"li step\">\r\n<td align=\"center\" valign=\"middle\" class=\"ordered-number\">12</td>\r\n<td align=\"left\" valign=\"top\" border=\"0\">\r\n<p class=\"ph cmd\">Review and finalize the profile.</p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n</div>\r\n</article>\r\n","ditaVal":"","format":"html"},"bookTitle":{"value":""},"shortDescription":{"value":""}}},"parameters":{"appId":"SecureAccess","topicAlias":"add-vpn-posture-profile"}}