Yes it is. If the device is not on the certified list, then posturing is not done. A system could have an out-of-date AV signature list, or could have uninstalled the AV after the first posture, and you would not know it.
Clearing the CDL forces the systems to be re-checked and will catch these items.
Is this also true if you require the use of Agent?
I'm not trying to be argumentative, but the CAM Install and Config guide states "For Agent users, devices always go through Agent Requirements at each login, even if the device is already on the Certified Devices".
In the CCA reports I am seeing the same devices go through the requirements each time they login, and I have yet to clear the certified device list.
I think the Certified Device list is only beneficial if you are doing the Nessus Scan to certify a device. It speeds up subsequent logins for the device by not requiring a Nessus Scan until that device is cleared from the certified device list. I just want to verify that is true and that I'm not going to run into some issue later on.
If the device is not in the certified list, then the device is forced through a posture check; once it has passed the posture check, it is then placed back into the certified device list, as opposed to 'not done'.
By clearing out the certified devices list at regular 'quiet' times, it gives the administrator peace of mind knowing that devices are being forced to keep their posture up to date as per your security policy. It is also to clear out stale entries, e.g. maybe a contractor host that will not be back onsite for 3 months.
But it does raise the question: I was under the assumption that while users go through an IN-BAND CAS they are constantly being checked,
e.g. if a user deliberately downgraded his virus data file (for argument's sake), isn't the Inline CAS meant to know about this from the CAA because the user's traffic always goes through the CAS? I thought that was the benefit of in-band over OOB.
I know this wouldn't be the case for an OOB setup as the users are only in-band during authentication.
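To make the stale-trust risk discussed in this thread concrete, here is an added simulation that is not part of the original posts or of any Cisco product code. It models a certified devices list as a posture cache: agentless hosts on the list skip posture at login, agent hosts are re-checked at every login (per the config guide quote above), and clearing the list forces a re-check. The host data, MAC addresses and the `av_current` flag are constructed assumptions for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Host:
    """A constructed endpoint; av_current stands in for the real posture facts."""
    mac: str
    uses_agent: bool
    av_current: bool


@dataclass
class CertifiedListModel:
    """Toy model of the Certified Devices list as a posture cache (assumption)."""
    certified: set = field(default_factory=set)
    posture_runs: int = 0

    def posture_check(self, host: Host) -> bool:
        # Stand-in for the Agent Requirements / Nessus scan result.
        self.posture_runs += 1
        return host.av_current

    def login(self, host: Host) -> str:
        # Agentless host already certified: posture is skipped, so a change
        # made after certification (e.g. AV removed) is not seen.
        if not host.uses_agent and host.mac in self.certified:
            return "allowed (cached)"
        # Agent hosts, and any host not on the list, are posture-checked.
        if self.posture_check(host):
            self.certified.add(host.mac)
            return "allowed"
        self.certified.discard(host.mac)
        return "quarantined"

    def clear_certified_list(self) -> None:
        # The administrative action discussed in the thread.
        self.certified.clear()


def stale_trust_scenario() -> tuple:
    """Agentless host: AV removed after certification goes unnoticed until a clear."""
    model = CertifiedListModel()
    host = Host("00:11:22:33:44:55", uses_agent=False, av_current=True)
    first = model.login(host)      # posture runs once, host is certified
    host.av_current = False        # AV uninstalled after certification
    second = model.login(host)     # served from the list, no re-check
    model.clear_certified_list()
    third = model.login(host)      # forced re-check catches the change
    return first, second, third, model.posture_runs


def agent_scenario() -> tuple:
    """Agent host: re-checked at every login regardless of the list."""
    model = CertifiedListModel()
    host = Host("66:77:88:99:aa:bb", uses_agent=True, av_current=True)
    first = model.login(host)
    host.av_current = False
    second = model.login(host)
    return first, second, model.posture_runs


if __name__ == "__main__":
    print(stale_trust_scenario())
    print(agent_scenario())
```

The point the simulation makes is the one in the thread: for agentless (scan-certified) hosts the list is a cache of a past result, so the interval between clears is the window in which a degraded host keeps access; for Agent users the clear changes nothing about posture enforcement.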