Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1518
Views
0
Helpful
4
Replies

ISE 2.4 Multiple Matched Rule Applies

Go to solution
Asif Akash
Cisco Employee
Cisco Employee

‎06-13-2018 02:25 PM

Greetings Experts,

Does ISE 2.4 Authorization policy have the option to do "Multiple Matched Rule Applies"?

Br,

Asif

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10
In response to Damien Miller

‎06-13-2018 06:26 PM

Multi-match was only supported in Simple Policy mode and currently deprecated in 2.3/2.4 where strictly Policy Set mode.

Craig

View solution in original post

0 Helpful
4 Replies 4

Go to solution
paul
Level 10
Level 10

‎06-13-2018 02:29 PM

Asif,

I don't have any of my customers at 2.4 yet, but I don't think this is supported.  What is the use case you are trying to solve?

0 Helpful

Go to solution
Asif Akash
Cisco Employee
Cisco Employee
In response to paul

‎06-13-2018 02:32 PM

Customer need to match multiple authorization profiles based on matched rules which existed in 2.2. However after upgrade to 2.4, we can only see Default policy set and don’t have the option to “Multiple Matched” rule under Authorization policy.

--

Asif A

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎06-13-2018 03:15 PM

Hello Asif,

I have run many ISE implementations but I am not familiar with any ability to match multiple authorization rules. Typically you build ISE on a first match design. You can create multiple policy sets, each policy set will have authentication conditions that must be matched. Once you match an authentication rule in a policy set you then hit a configured authorization rule.

Within both the authentication rules and authorization rules of a policy set you can set up compound conditions. These conditions must be met to be matched.

It sounds like when you upgraded it might have merged your existing 2.2 policy set incorrectly, or in a way that doesn't match your needs. You shouldn't need to match two rules to authenticate the same endpoint.

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to Damien Miller

‎06-13-2018 06:26 PM

Multi-match was only supported in Simple Policy mode and currently deprecated in 2.3/2.4 where strictly Policy Set mode.

Craig

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents