Advanced Endpoint Assessment prolongs AnyConnect logon time
We are running an ASA 5540 on ver. 8.2.3 with AnyConnect 2.5.2001 and CSD 3.5.
I've created a DAP policy that checks for our AntiVirus version and dat file version and it works just fine. Posture Assessment on AnyConnect client when connecting takes about 5 seconds.
Now, if I enable Advanced Endpoint Assessment for our AV product, and configures it to do an automatical update in case dat files are older than 14 days, the posture assessement times increases to 30 seconds! Might not sound as much, but when sitting there waiting to be able to put in your password, 30 seconds is a long time
So it does work - it just takes a long time compared to just checking the version, and then deny logon if dat files are older than x number of days.
Has anyone else noticed this? Is it by design, or is there something we can do other than just disable Advanced EndPoint Assessment now that we've bought the license?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...