ISE automation

Northy — Thu, 27 Aug 2020 16:39:36 GMT

We currently use ISE for our anyconnect users. Depending on the user configuration and due to an infosec requirement we need to create an individual AuthZ profile with its own DACL and a new rule in a policy that essentially identifies the user and applies the AuthZ specific to them

I’d like to automate this process but I cannot find anything in the API documentation that suggests it is possible right now.

Do people know of a way to create AuthZ, DACL and a AuthZ policy rule in an automated way?

Are people just not automating ISE configuration all that much?

Using ISE 2.4 currently

Re: ISE automation

Mike.Cifelli — Thu, 27 Aug 2020 17:12:58 GMT

AFAIK you can utilize ISE APIs to create authz profiles, and dacls. I have not tested this as I primarily use the APIs to manipulate groups, and endpoints. However, If you go to your pan sdk via https://<PAN IP>:9060/ers/sdk# and go to API documentation you can see examples and this may also shed some additional light on other items you may be wishing to automate. HTH!

topic ISE automation in Network Access Control

ISE automation

Re: ISE automation