https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497403#M521148 <HTML><HEAD></HEAD><BODY><P>There are no network device profiles because Fortinet doesn’t do wired/wireless or VPN connectivity for the end users. You don’t add Fortinet devices to ISE.</P><P></P><P>If you are talking about profiling the network access devices just to see what is out there then make sure after ISE is up and running.</P><P></P><P>I still don’t see the use case and how it integrates with ISE.</P><P></P><P>For TACACs its fairly straightforward. You add the Network access device that needs to process device admin. There are no profiles to handle this. It should work as long as they follow the standards.</P><P></P><P>If there are still problems you can work with the TAC as well for troubleshooting</P></BODY></HTML> Mon, 02 Oct 2017 19:24:06 GMT Jason Kunst 2017-10-02T19:24:06Z https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497400#M521145 <HTML><HEAD></HEAD><BODY><P>I have a wide array of devices in my environment and was wondering if there are any Network Device Profiles for Fortinet and Palo Alto devices?</P></BODY></HTML> Mon, 02 Oct 2017 18:54:30 GMT https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497400#M521145 zivanovichn 2017-10-02T18:54:30Z https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497401#M521146 <HTML><HEAD></HEAD><BODY><P>Network device profiles are used for wired, wireless and VPN use cases.</P><P></P><P>https://communities.cisco.com/docs/DOC-64547</P><P></P><P>The vendors you mention aren’t used for user connectivity to the network.</P><P></P><P>Fortinet I believe is used as a firewall for perhaps internet connectivity and all that can be done is perhaps log guest traffic? There are community posts on that</P><P></P><P>Palo Alto is another firewall but I don’t currently see any integration from them. This is also not a valid case. For example Checkpoint is able to use Trustsec SGT (Scalable Group Tags) to match policies shared via PXgrid.</P><P></P><P>Would be best to research what each device is used for and the possible integration behind that. And if you have further questions please reach out</P></BODY></HTML> Mon, 02 Oct 2017 19:02:29 GMT https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497401#M521146 Jason Kunst 2017-10-02T19:02:29Z https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497402#M521147 <HTML><HEAD></HEAD><BODY><P>Thanks Jason, I am mainly interested in the Fortinet's because we are implementing an SD-WAN solution and the Fortinets will be passing some of that traffic.</P><P></P><P>I also would like to have the profiles so that I would be able to properly classify the devices within ISE, we do our TACACS authentication and authorization through ISE and cant label those devices correctly right now.</P><P></P><P>Thanks,</P><P>Niko Zivanovich</P></BODY></HTML> Mon, 02 Oct 2017 19:09:47 GMT https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497402#M521147 zivanovichn 2017-10-02T19:09:47Z https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497403#M521148 <HTML><HEAD></HEAD><BODY><P>There are no network device profiles because Fortinet doesn’t do wired/wireless or VPN connectivity for the end users. You don’t add Fortinet devices to ISE.</P><P></P><P>If you are talking about profiling the network access devices just to see what is out there then make sure after ISE is up and running.</P><P></P><P>I still don’t see the use case and how it integrates with ISE.</P><P></P><P>For TACACs its fairly straightforward. You add the Network access device that needs to process device admin. There are no profiles to handle this. It should work as long as they follow the standards.</P><P></P><P>If there are still problems you can work with the TAC as well for troubleshooting</P></BODY></HTML> Mon, 02 Oct 2017 19:24:06 GMT https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497403#M521148 Jason Kunst 2017-10-02T19:24:06Z https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497404#M521149 <HTML><HEAD></HEAD><BODY><P>Easier shown in the picture below, I will be adding the Fortinet Firewalls, switches, and controllers into ISE for the TACACS authentication. Currently I am only able to classify those devices as: Cisco, HP, Aruba, Brocade, and Ruckus; was hoping to add other Vendor device profiles so that I could classify my network devices correctly.</P><P></P><P><IMG alt="" class="image-1 jive-image" src="https://community.cisco.com/legacyfs/online/fusion/111754_pastedImage_0.png" style="max-width: 1200px; max-height: 900px;" /></P></BODY></HTML> Mon, 02 Oct 2017 19:34:20 GMT https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497404#M521149 zivanovichn 2017-10-02T19:34:20Z https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497405#M521150 <HTML><HEAD></HEAD><BODY><P>Please follow the process here and work with the TAC</P><P></P><P>https://communities.cisco.com/docs/DOC-64547</P><P>Then please share</P></BODY></HTML> Mon, 02 Oct 2017 20:07:55 GMT https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497405#M521150 Jason Kunst 2017-10-02T20:07:55Z https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497406#M521152 <HTML><HEAD></HEAD><BODY><P>For TACACS+, there is no special config needed for the NAD Profile.&nbsp; If simply wish to have option to select a certain vendor, then suggest simply add new profile (give it a name, set vendor to "Other", enable TACACS+, and optionally set icon and description to specific vendor).</P><P></P><P>/Craig</P></BODY></HTML> Tue, 03 Oct 2017 13:24:07 GMT https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/3497406#M521152 Craig Hyps 2017-10-03T13:24:07Z https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/4016584#M521157 <P>Hi Jason,</P> <P>Do we have a Network Device Profile for Broadcom switches? If so, is there any documentation on the same that can be used to create the profile?&nbsp;</P> <P>Thanks</P> <P>Sampath</P> Wed, 22 Jan 2020 22:30:52 GMT https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/4016584#M521157 sampathss 2020-01-22T22:30:52Z https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/4020432#M521163 <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/353481">@sampathss</a>&nbsp;wrote:<BR /> <P>Hi Jason,</P> <P>Do we have a Network Device Profile for Broadcom switches? If so, is there any documentation on the same that can be used to create the profile?&nbsp;</P> <P>Thanks</P> <P>Sampath</P> <HR /></BLOCKQUOTE> <P>unfortunately we don't have everything out there. I'd work with Broadcom to see what they need as well and please share if not already here&nbsp;</P> <P><A href="https://community.cisco.com/t5/security-documents/ise-third-party-nad-profiles-and-configs/ta-p/3648719" target="_blank">https://community.cisco.com/t5/security-documents/ise-third-party-nad-profiles-and-configs/ta-p/3648719</A></P> <P><A href="https://community.cisco.com/t5/security-documents/how-to-create-ise-network-access-device-profiles/ta-p/3631103" target="_blank">https://community.cisco.com/t5/security-documents/how-to-create-ise-network-access-device-profiles/ta-p/3631103</A></P> Wed, 29 Jan 2020 18:40:00 GMT https://community.cisco.com/t5/network-access-control/3rd-party-network-device-profiles/m-p/4020432#M521163 Jason Kunst 2020-01-29T18:40:00Z