And yes, it is preferred to have a machine checked BEFORE it's allowed on the network...
On Wed, May 17, 2017 at 6:34 AM Don Ely <[email protected]> wrote: > What's their reasoning? The ASA AnyConnect feature was designed for it. > As were the Palo Global Protect features. I've configured both at my gig > and it works well. We check for AV, Defs up to date, and a machine cert to > validate it's a company owned device. > > On Wed, May 17, 2017 at 6:17 AM David McSpadden <[email protected]> wrote: > >> Would like to check for Antivirus on an endpoint after they have >> connected to my ASA VPN. Terminate tunnel if the inventory does not meet >> requirements or at least notify admins of a potential issue. >> >> What I am thinking of is like a NAP but my firewall guys would like it >> not on the ASA or the Palo when the migrate to it? >> >> Isn’t it best to have the NAP on the firewall and let it do the work >> prior to actually connecting to SCCM or Active Directory? >> >> >> >> >> >> *David McSpadden* >> >> Systems Administrator >> >> Indiana Members Credit Union >> >> P: 317.554.8190 <(317)%20554-8190>| F: 317.554.8106 <(317)%20554-8106> >> >> [image: Description: imcu email icon] <http://imcu.com/> [image: >> Description: facebook email icon] >> <https://www.facebook.com/IndianaMembersCU> [image: Description: >> twitter email icon] <https://twitter.com/IndMembersCU> >> >> [image: Description: email logo] >> >> [image: Image result for mcp logo] >> <https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw&url=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/&psig=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ&ust=1493471205430002> >> >> >> >> This e-mail and any files transmitted with it are property of Indiana >> Members Credit Union, are confidential, and are intended solely for the use >> of the individual or entity to whom this e-mail is addressed. If you are >> not one of the named recipient(s) or otherwise have reason to believe that >> you have received this message in error, please notify the sender and >> delete this message immediately from your computer. Any other use, >> retention, dissemination, forwarding, printing, or copying of this email is >> strictly prohibited. >> >> Please consider the environment before printing this email. >> >
