cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1320
Views
0
Helpful
1
Replies

Guest portals on ISE in PCI zone

aniiyer
Cisco Employee
Cisco Employee

Team, 

 

I have a customer that has PCI restrictions around hosting ISE guest portals in their PCI Zone. What are the best ways to address this? I would love to hear real world experiences. 

 

Ideas I have are 1) Separate PSN in a non PCI zone for guest portals 2) Fully separate ISE deployment for guest wireless. 

1 Accepted Solution

Accepted Solutions

Chetankumar Phulpagare
Cisco Employee
Cisco Employee

Normally I'd expect to see PCI vs non-PCI zones segmented by firewall(s) and ISE hosted in a non-PCI zone. In any case, guest portal should not be hosted on ISE that is deployed in PCI zone. 

 

The customer I support also need to comply to PCI regulation. They have ISE hosted in DC in non-PCI zone. For guest zones, they have a dedicated PSN server in DMZ. All guest/IoT SSIDs from various locations are anchored to WLCs in DMZ and they are put in VLAN that get only Internet access. 

 

I don't see a necessity for completely separate ISE deployment only for guest network unless customer has reasons to do so. There are other customers that have separate guest ISE deployment.

View solution in original post

1 Reply 1

Chetankumar Phulpagare
Cisco Employee
Cisco Employee

Normally I'd expect to see PCI vs non-PCI zones segmented by firewall(s) and ISE hosted in a non-PCI zone. In any case, guest portal should not be hosted on ISE that is deployed in PCI zone. 

 

The customer I support also need to comply to PCI regulation. They have ISE hosted in DC in non-PCI zone. For guest zones, they have a dedicated PSN server in DMZ. All guest/IoT SSIDs from various locations are anchored to WLCs in DMZ and they are put in VLAN that get only Internet access. 

 

I don't see a necessity for completely separate ISE deployment only for guest network unless customer has reasons to do so. There are other customers that have separate guest ISE deployment.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: