topic Re: Envoy integration with ISE in Network Access Control

Envoy integration with ISE

prathapss — Tue, 19 Dec 2023 15:19:59 GMT

Hi,

We are planning to integrate the Envoy tool to integrate with ISE to automate the guest authentication.

For this, in the Envoy guide it require a public IP for the ISE admin node.

Our setup is behind a firewall and we would need to allow the specific rule in the firewall for the Envoy to communicate.

Is there any risk associated with this setup and any impact to be expected if anyone is having experience with integrating the Envoy tool.

Thanks,

Prathap

Re: Envoy integration with ISE

ahollifield — Tue, 19 Dec 2023 20:14:48 GMT

I've integrated Envoy with other NAC providers but not with ISE specifically. There is always risk associated to opening anything up directly to the internet. That being said proper firewall policy, inspection, etc should mitigate that risk to some degree. Also be sure to keep your ISE deployment upgraded and patched.

Re: Envoy integration with ISE

gho21 — Fri, 02 Feb 2024 14:37:45 GMT

You can limit the risk by only allowing the IPs provided in the Envoy documentation to access the ISE node externally.