Endpoint Posture Profiles (for Endpoint Requirements)
You can require endpoints to meet requirements such as operating system version, firewall, and disk encryption before connecting to a network or resource. _These requirements are rule-matching criteria that determine whether a rule matches the traffic._
Endpoint requirements are defined in posture profiles. There are several types of posture profile, depending on the type of connection and characteristics of the end-user device:
- Client-based zero-trust posture profiles: For end-user devices on which the Cisco Secure Client is installed
- Browser-based zero-trust posture profiles: For end-user devices on which the Cisco Secure Client is NOT installed
- VPN posture profiles: For end-user devices that are connected to the network using remote access VPN
When you configure a private resource, you will specify which of the above types of connections are allowed for that resource.
When you create a private access rule, you will specify a posture profile with device requirements for each type of connection allowed by the private resources specified as destinations in the rule.
You can create different posture profiles, each with a different set of requirements, then choose appropriate profiles for each rule.
You can specify default posture profiles for zero-trust access connections (client-based and browser-based). Create a profile with the desired default endpoint requirements for each connection type, then specify the default profiles on the Rule Defaults page. See Rule Defaults and Edit Rule Defaults and Global Settings.
Posture profile options apply only to User and User Group sources.
VPN posture is evaluated when the user connects to the network, which occurs before access rules evaluate the traffic.
Endpoint posture is not evaluated for branch connections.
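
The following sketch is an added illustration, not Cisco code or a Secure Access API. It models posture as a rule-matching criterion for the zero-trust connection types, with the branch and non-user exemptions described above. The class names, field names, sample policy, top-down first-match ordering, and the handling of a missing profile are all assumptions. VPN posture is left out because it is evaluated at connect time, before rules run.

```python
from dataclasses import dataclass

# Illustrative model only: class and field names are assumptions, not Secure Access objects.
@dataclass
class PostureProfile:
    name: str
    min_os: tuple = (0,)
    firewall: bool = False
    disk_encryption: bool = False

    def met_by(self, ep: dict) -> bool:
        return (tuple(ep.get("os", (0,))) >= self.min_os
                and (ep.get("firewall", False) or not self.firewall)
                and (ep.get("disk_encryption", False) or not self.disk_encryption))

@dataclass
class Rule:
    name: str
    destination: str
    profiles: dict  # connection type ("client" / "browser") -> PostureProfile

    def matches(self, req: dict) -> bool:
        if req["destination"] != self.destination:
            return False
        # Posture is skipped for branch connections and for sources that are
        # not a User or User Group; the rule's other criteria decide the match.
        if req["connection"] == "branch" or req["source_type"] not in ("user", "user_group"):
            return True
        profile = self.profiles.get(req["connection"])
        # Assumption: no profile for this connection type means no match.
        return profile is not None and profile.met_by(req["endpoint"])

def first_match(rules, req):
    # Assumption: rules are checked top-down and the first match wins.
    return next((r.name for r in rules if r.matches(req)), None)

# Constructed sample policy and requests.
STRICT = PostureProfile("strict", min_os=(13,), firewall=True, disk_encryption=True)
LAX = PostureProfile("lax")
RULES = [Rule("hr-app-strict", "hr-app", {"client": STRICT}),
         Rule("hr-app-fallback", "hr-app", {"client": LAX})]

def demo():
    base = {"destination": "hr-app", "source_type": "user", "connection": "client"}
    compliant = dict(base, endpoint={"os": (14, 2), "firewall": True, "disk_encryption": True})
    unencrypted = dict(base, endpoint={"os": (14, 2), "firewall": True, "disk_encryption": False})
    branch = dict(base, connection="branch", endpoint={})
    return [first_match(RULES, r) for r in (compliant, unencrypted, branch)]

if __name__ == "__main__":
    print(demo())
```

In this model the unencrypted device does not match the strict rule and is picked up by the lower rule, so a policy review should check every rule that covers the same destination, not only the one carrying the strict profile.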