Symantec endpoint definitions not updating client
If the endpoint satisfies the requirement, a compliance report will be sent to the Cisco ISE node that assumes the Policy Service persona and the run-time services triggers a Change of Authorization (Co A) for the posture compliant status.If the endpoint fails to satisfy the requirement, a noncompliance report will be sent to the Cisco ISE node that assumes the Policy Service persona and the run-time services triggers a Co A for the posture noncompliant status.If you do not have a policy associated with the role, then the run-time services communicate to the NAC Agent with an empty requirement.If you have a policy associated with the role, then the run-time services run through the posture policies through one or more requirements associated with the policies and for each requirement through one or more conditions.The NAC Agent sends the appropriate compliance report to the Cisco ISE server once postured compliant or noncompliant.
At the same time, the NAC Agents enforce security policies on noncompliant endpoints by blocking network access to your protected network.
For example, the client can access remediation-only resources on the network.
The NAC Agent that is installed on the client validates the requirements for an endpoint and the endpoint is moved to a compliant state upon successful validation of the requirements.
If the endpoint is compliant or noncompliant, then the posture run-time services triggers a Co A for that endpoint session.
Based on the profile configured for compliant or noncompliant, the end user gets the appropriate level of access privileges to the network.For descriptions of the various types of agents availalbe in Cisco ISE, see .