topic Re: ISE Policy to Protect vCenter in Network Access Control

ISE Policy to Protect vCenter

jeaston — Mon, 24 Jun 2024 20:38:44 GMT

New to ISE and looking for some direction here.

I'd like to limit access to certain assets to a few jump servers. Not all traffic is going through a firewall

How can i control what devices can access things like vCenter, backup devices, IPMI interfaces?

Thanks in advan

Re: ISE Policy to Protect vCenter

Arne Bier — Mon, 24 Jun 2024 20:46:10 GMT

You should look in each of these applications to see if there is an option to restrict the access based on host (e.g. jumphost IPs) or network ranges (e.g. network management subnets). ISE supports this, and I have seen it on various other applications. Failing that, you'd have to put all those "assets" behind a firewall and make the access rules on the FW.

Re: ISE Policy to Protect vCenter

Rob Ingram — Mon, 24 Jun 2024 21:02:45 GMT

@jeaston well ISE can push down a Downloadable ACL (DACL) or TrustSec SGACL these would be enforced somewhere on the network such as router, switch or firewall to permit/deny traffic.