BigFix patch server with Cisco ISE NAC

How do I integrate the Cisco ISE NAC product with the BigFix Patch Management server?
The goal is that when a Windows endpoint connects to ISE NAC, ISE should check with the BigFix patch server whether the endpoint has the latest patch KB installed.

If it is updated, ISE posture permits the endpoint onto the network.

The Client Compliance API allows such integrations. Details at Client API and at https://developer.bigfix.com/other/cc-api/

Note this is an API, so some custom development is involved. If you are not comfortable with that, you may wish to engage our Services team for custom solutions.


Thank you. Are there any specific documents related to a NAC solution integration?

While I’ve not seen the integration myself, Cisco seems to suggest they support BigFix in their Compliance Module for ISE. From the following link:

I’ve found BigFix in both the Windows and MAC Support charts.

I’m also not certain of the level of checks that have been implemented here, but as Jason suggests, it’s certainly possible to extend it to support any sort of device check that BigFix is able to perform (which is almost anything) via the Client Compliance API he referenced. If this is an area of interest, I’d suggest reaching out to Cisco. We’d also be happy to help support Cisco to make such enhancements.



ISE has a BigFix patch condition, as in the attached screenshot. The thing is, it does not work. Even if a critical KB is missing on the endpoint, ISE skips this patch condition.

The BigFix agent on the endpoints has only a plain GUI with About info. I don't know how the ISE agent is talking to this BigFix agent without any GUI or info.

Unfortunately, this is not an integration we have much context around. I would suggest reaching out to Cisco Support, especially if the integration is not working as expected. If they have questions about how to integrate with BigFix, about our APIs, or even about potential enhancement opportunities, please feel free to direct them to me. I will PM you my contact information that you can share with Cisco if it would help.