We've had NAC installed at one site and I am working on the second now. We have our Managers set up to download updates daily and I understand from previous answers to questions I posted on this forum that CISCO updates the OS items (i.e. hotfixes, MS Advisories, etc...) once a month. I was told these updates take place within 48 hours of Patch Tuesday each month. We get the daily virus updates that are published and are set up to download all updates. It seems the updates to the OS come extremely infrequently and are way behind. I've been watching for two months now. Five days after "Patch Tuesday" last month we finally received a few updates related to some MS Advisories. However, in reviewing the new checks the highest advisory # covered was MS10-076. MS was already at 10-83 or 10-84 at the time. I had to manually create the checks/rules, etc to cover the ones missing from the download. I had hoped we would get some more after Patch Tuesday this month (Nov 10) but a week has passed and there are still no additional checks which have been published in our update downloads. This makes it necessary for me to create new checks for each of the new advisories I am required to cover. I am not sure what the update downloads are really doing for us other than making sure our virus signatures are up to date.
So...I guess my question is, is this the norm and what I am to expect from Cisco each month?...if so, managing the NAC (on my three sites) is going to take me quite a bit of time each month since I will have to manually create most checks on three installations so I can meet my implementation deadlines.
Although I'm not able to comment on the frequency or the content of the updates release, you may consider to configure the WSUS requirement to check against the Microsoft public or privately handled WSUS servers with the "severity" option on NAC.
When you use the "severity" option, then the check is not done against the rules defined on the NAC Manager but against the Microsoft servers.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...