Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1486
Views
21
Helpful
2
Replies

DNA Center using Forescout

Go to solution
craneman1
Level 1
Level 1

‎04-24-2022 08:04 AM

My customer uses Forescout for comply-to-connect.

98 Per cent of DNA deployments use ISE Radius.

Has anyone done Forescout integration using Pxgrid with ISE?

Does this actually work with DNA Center?.

Thanks

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP

‎04-24-2022 09:12 AM

Hello,

 

  I dont have experience with Forescout but I have experience with DNAC and ISE deployment. As per the docs, the Forescout integrates with ISE via PXGrid and not with DNAC directly. I did not find any doc in which DNAC integrate with Forescout directly, although both speaks PXgrid.

 I attached this document made by cisco about this subject.

 

 

View solution in original post

Preview file
972 KB
0 Helpful

Go to solution
jedolphi
Cisco Employee
Cisco Employee

‎04-25-2022 04:33 PM - edited ‎04-25-2022 04:35 PM

Hi Craneman. yes, I worked with FS (Forescout) representatives to successfully pxG integrate FS to ISE and prove that FS can trigger ISE to change context of endpoints (SGT change, SGACL change, etc.) via pxG. This was tested in a POC (proof of concept) lab for a design opportunity that never advanced to production for unrelated reasons (politics, pandemic, etc.). This POC was conducted in July 2020. I'm not able to make firm promises on behalf of FS, but from what I have seen it does work. There might be specific dependencies on the FS side I cannot comment on (code versions, supported/unsupported configurations, etc.) and someone would have to follow up with FS for the specific details/requirements of your design.  Probably the best way forward is for you to speak to your Cisco SE or AM who can engage the appropriate Cisco-internal resources - please have them contact me. Regards, Jerome

View solution in original post

2 Replies 2

Go to solution
Flavio Miranda
VIP
VIP

‎04-24-2022 09:12 AM

Hello,

 

  I dont have experience with Forescout but I have experience with DNAC and ISE deployment. As per the docs, the Forescout integrates with ISE via PXGrid and not with DNAC directly. I did not find any doc in which DNAC integrate with Forescout directly, although both speaks PXgrid.

 I attached this document made by cisco about this subject.

 

 

Preview file
972 KB
0 Helpful

Go to solution
jedolphi
Cisco Employee
Cisco Employee

‎04-25-2022 04:33 PM - edited ‎04-25-2022 04:35 PM

Hi Craneman. yes, I worked with FS (Forescout) representatives to successfully pxG integrate FS to ISE and prove that FS can trigger ISE to change context of endpoints (SGT change, SGACL change, etc.) via pxG. This was tested in a POC (proof of concept) lab for a design opportunity that never advanced to production for unrelated reasons (politics, pandemic, etc.). This POC was conducted in July 2020. I'm not able to make firm promises on behalf of FS, but from what I have seen it does work. There might be specific dependencies on the FS side I cannot comment on (code versions, supported/unsupported configurations, etc.) and someone would have to follow up with FS for the specific details/requirements of your design.  Probably the best way forward is for you to speak to your Cisco SE or AM who can engage the appropriate Cisco-internal resources - please have them contact me. Regards, Jerome

Customers Also Viewed These Support Documents