https://community.cisco.com/t5/network-access-control/cisco-ise-3-0-patch-3-is-making-outbound-https-to-unknown-sites/m-p/4446130#M568920 <P>My Cisco ISE 3.0 patch 3 on SNS-3655 is making outbound https to the following sites:</P><P>&nbsp;</P><P><U><EM><STRONG>173.37.145.8</STRONG></EM></U> --&gt; tools2.cisco.com</P><P>34.216.127.109 --&gt; ec2-34-216-127-109.us-west-2.compute.amazonaws.com.</P><P>35.83.205.101 --&gt; ec2-35-83-205-101.us-west-2.compute.amazonaws.com.</P><P>54.148.222.24 --&gt; ec2-54-148-222-24.us-west-2.compute.amazonaws.com.</P><P>72.163.4.38 --&gt; tools1.cisco.com</P><P>&nbsp;</P><P>According to Cisco, with Smart Licensing, it should only make https outbound connection to tools.cisco.com:</P><P>&nbsp;</P><P>dig @8.8.8.8 tools.cisco.com +short<BR />173.37.145.8</P><P>&nbsp;</P><P>However, you can see it is making to so AWS hosts on a regular basis.</P><P>&nbsp;</P><P>Any ideas?</P> Sun, 08 Aug 2021 21:06:20 GMT david.tran 2021-08-08T21:06:20Z https://community.cisco.com/t5/network-access-control/cisco-ise-3-0-patch-3-is-making-outbound-https-to-unknown-sites/m-p/4446130#M568920 <P>My Cisco ISE 3.0 patch 3 on SNS-3655 is making outbound https to the following sites:</P><P>&nbsp;</P><P><U><EM><STRONG>173.37.145.8</STRONG></EM></U> --&gt; tools2.cisco.com</P><P>34.216.127.109 --&gt; ec2-34-216-127-109.us-west-2.compute.amazonaws.com.</P><P>35.83.205.101 --&gt; ec2-35-83-205-101.us-west-2.compute.amazonaws.com.</P><P>54.148.222.24 --&gt; ec2-54-148-222-24.us-west-2.compute.amazonaws.com.</P><P>72.163.4.38 --&gt; tools1.cisco.com</P><P>&nbsp;</P><P>According to Cisco, with Smart Licensing, it should only make https outbound connection to tools.cisco.com:</P><P>&nbsp;</P><P>dig @8.8.8.8 tools.cisco.com +short<BR />173.37.145.8</P><P>&nbsp;</P><P>However, you can see it is making to so AWS hosts on a regular basis.</P><P>&nbsp;</P><P>Any ideas?</P> Sun, 08 Aug 2021 21:06:20 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-3-0-patch-3-is-making-outbound-https-to-unknown-sites/m-p/4446130#M568920 david.tran 2021-08-08T21:06:20Z https://community.cisco.com/t5/network-access-control/cisco-ise-3-0-patch-3-is-making-outbound-https-to-unknown-sites/m-p/4446133#M568921 <P>tools.cisco.com for only smart License, cisco also need some posture updates and Cisco host some service with Amazon Cloud too, Maybe i am guessing here to get updates? what port 443?</P> <P>&nbsp;</P> Sun, 08 Aug 2021 21:37:37 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-3-0-patch-3-is-making-outbound-https-to-unknown-sites/m-p/4446133#M568921 balaji.bandi 2021-08-08T21:37:37Z https://community.cisco.com/t5/network-access-control/cisco-ise-3-0-patch-3-is-making-outbound-https-to-unknown-sites/m-p/4446134#M568922 <P>I am not running posture.&nbsp; I am using Smart Licensing.&nbsp; I currently have a TAC case with Cisco but the TAC engineer doesn't know either.&nbsp; He is investigating but he doesn't know why the box is reaching out to the AWS Internet.&nbsp; To me, that's a security red flag. &nbsp;&nbsp;</P><P>&nbsp;</P><P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/286878">@balaji.bandi</a>:&nbsp; Yes, https (443) as posted in my original thread</P> Sun, 08 Aug 2021 21:46:35 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-3-0-patch-3-is-making-outbound-https-to-unknown-sites/m-p/4446134#M568922 david.tran 2021-08-08T21:46:35Z https://community.cisco.com/t5/network-access-control/cisco-ise-3-0-patch-3-is-making-outbound-https-to-unknown-sites/m-p/4446139#M568923 <P>Are you using any of these features? Even if you're not using them there is a chance that a call out is still enabled like with automatic posture updates/downloads, and the profiler feed updates. I also see quite a few ISE deployments making calls for CRL, it's a pretty common investigation.&nbsp;</P> <P>&nbsp;</P> <UL class="ul"> <LI id="task_5EED7670B71847DE949430AB5E267DBD__li_6023002BA3B549D6BBED2ACE4B6FDDAE" class="li"> <P class="p">Partner Mobile Management</P> </LI> <LI id="task_5EED7670B71847DE949430AB5E267DBD__li_C8DB94363CE5484BB95A62DFA3E8B3D6" class="li"> <P class="p">Endpoint Profiler Feed Service Update</P> </LI> <LI id="task_5EED7670B71847DE949430AB5E267DBD__li_28BFECFC09B5455A94D7194A863C9564" class="li"> <P class="p">Endpoint Posture Update</P> </LI> <LI id="task_5EED7670B71847DE949430AB5E267DBD__li_212AF48AF78349BEB5CBF88B0F4D16B9" class="li"> <P class="p">Endpoint Posture Agent Resources Download</P> </LI> <LI id="task_5EED7670B71847DE949430AB5E267DBD__li_234EB65A90024A03906F17C9CF63CD3F" class="li"> <P class="p">Certificate Revocation List (CRL) Download</P> </LI> <LI id="task_5EED7670B71847DE949430AB5E267DBD__li_3D42011FC1574833AAD425F50FBC91C3" class="li"> <P class="p">Guest Notifications</P> </LI> <LI class="li"> <P class="p">SMS Message Transmission</P> </LI> <LI class="li"> <P class="p">Social Login</P> </LI> </UL> Sun, 08 Aug 2021 22:15:25 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-3-0-patch-3-is-making-outbound-https-to-unknown-sites/m-p/4446139#M568923 Damien Miller 2021-08-08T22:15:25Z https://community.cisco.com/t5/network-access-control/cisco-ise-3-0-patch-3-is-making-outbound-https-to-unknown-sites/m-p/4446140#M568924 <P>I may be missed your HTTPS information, I was only thought tools.cisco.com for HTTPS.</P> <P>&nbsp;</P> <P>by investigating more: here is the IP related to Cisco.</P> <P>&nbsp;</P> <P><A href="https://ipduh.com/dns/?www.ciscoconnectdna.com" target="_blank">https://ipduh.com/dns/?www.ciscoconnectdna.com</A></P> <P>&nbsp;</P> Sun, 08 Aug 2021 22:16:10 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-3-0-patch-3-is-making-outbound-https-to-unknown-sites/m-p/4446140#M568924 balaji.bandi 2021-08-08T22:16:10Z