I am working on a project where a customer uses Firepower and ISE to quarantine endpoints. Firepower and ISE communicate via pxGrid and, based on IPS signatures, Firepower will send a quarantine request to ISE. This part of the solution works, but the challenge comes when we want to unquarantine clients. I have created an authorization policy and an ANC Policy for quarantine/quarantine and I can use this to unquarantine clients by selecting a client matching this authorization policy and then assigning the ANC unquarantine policy.

The customer now wants to build a web portal for the network security team, who will use this portal to unquarantine clients after they have been investigated for malware, etc. They also need a "panic button" in case of false positives where they can select all clients in quarantine and do a bulk unquarantine. Would this be possible to achieve via REST API commands? What we basically need is one command that will list all clients that match the quarantine authorization policy and then bulk unquarantine them. If someone has some example code that can achieve this, it would be greatly appreciated.
Email me directly to discuss. Firepower uses pxGrid 1.0 and uses Session:EPSstatus:Quarantine for the ANC policy.
Email sent :)