cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

80
Views
0
Helpful
3
Replies
Beginner

Applying an ANC Policy via RESP API to unquarantine clients

Hi,

 

I am working on a project where a customer use Firepower and ISE to quarantine endpoints. Firepower and ISE communicate via pxGrid and based on IPS signatures, Firepower will send a qurantine request to ISE. This part of the solution works, but the challenge comes when we want to unquarantine clients. I have created an authorization policy and an ANC Policy for quarantine/quarantine and I can use this to unquarantine clients by select a client matching this authorization policy and then assign the ANC unquarantine policy. The ´customer now wants to build a web portal for the network security team so that will use this portal to unquarantine clients after they been investigated for malware, etc. They also need a "panic button" in case of false positives where they can select all clients in quarantine and do a bulk unquarantine. Would this be possible to achieve via REST API commands? What we basically need is one command that will list all clients that match the quarantine authorization policy and then bulk unqurantine them. If someone have some example code that can achieve this, it would be greatly appreciated.

 

Thanks

/Jörgen                                               

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Applying an ANC Policy via RESP API to unquarantine clients

Hey Jorgen,

 

Email me directly to discuss. Firepower uses pxGrid 1.0 and uses: Sesion:EPSstatus:Quarantine for the ANC policy.

 

Thanks,

John

jeppich@cisco.com

 

 

3 REPLIES 3
Cisco Employee

Re: Applying an ANC Policy via RESP API to unquarantine clients

I will forward to our SME. Any sample code would likely live in the devnet zone at http://cs.co/ise-api
Highlighted
Cisco Employee

Re: Applying an ANC Policy via RESP API to unquarantine clients

Hey Jorgen,

 

Email me directly to discuss. Firepower uses pxGrid 1.0 and uses: Sesion:EPSstatus:Quarantine for the ANC policy.

 

Thanks,

John

jeppich@cisco.com

 

 

Beginner

Re: Applying an ANC Policy via RESP API to unquarantine clients


@jeppich wrote:

Hey Jorgen,

 

Email me directly to discuss. Firepower uses pxGrid 1.0 and uses: Sesion:EPSstatus:Quarantine for the ANC policy.

 

Thanks,

John

jeppich@cisco.com

 

 


Email sent :)