What's their reasoning? The ASA AnyConnect feature was designed for it. As were the Palo Global Protect features. I've configured both at my gig and it works well. We check for AV, Defs up to date, and a machine cert to validate it's a company owned device.
On Wed, May 17, 2017 at 6:17 AM David McSpadden <[email protected]> wrote: > Would like to check for Antivirus on an endpoint after they have connected > to my ASA VPN. Terminate tunnel if the inventory does not meet > requirements or at least notify admins of a potential issue. > > What I am thinking of is like a NAP but my firewall guys would like it not > on the ASA or the Palo when the migrate to it? > > Isn’t it best to have the NAP on the firewall and let it do the work prior > to actually connecting to SCCM or Active Directory? > > > > > > *David McSpadden* > > Systems Administrator > > Indiana Members Credit Union > > P: 317.554.8190 <(317)%20554-8190>| F: 317.554.8106 <(317)%20554-8106> > > [image: Description: imcu email icon] <http://imcu.com/> [image: > Description: facebook email icon] > <https://www.facebook.com/IndianaMembersCU> [image: Description: twitter > email icon] <https://twitter.com/IndMembersCU> > > [image: Description: email logo] > > [image: Image result for mcp logo] > <https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw&url=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/&psig=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ&ust=1493471205430002> > > > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > Please consider the environment before printing this email. >
