ISE and Firepower Identity : update interval for Active Directory and other identity sources

Hi Everyone,

I know that ISE can provide user-to-IP mappings to FMC, and based on that, user access control can be enforced (and with rapid threat containment as well).

What I would like to know is how often the user-to-IP mappings are updated. I used to run some tests with the Firesight AD agent, and I recall there was a regular interval to update the mappings, and that was not feasible for our production environment. Using ISE makes it real-time since it uses WMI, or is it still bound to scheduled updates?

Thank you

Accepted Solutions
VIP Advisor

Re: ISE and Firepower Identity : update interval for Active Directory and other identity sources

With ISE, it uses PxGrid, which is based on XMPP subscription. FMC will subscribe to ISE PxGrid, and after that it will be a push from ISE to FMC instead of a poll from FMC to ISE. This means that you don't have a regular interval-based sync. Instead, it's based on changes: changes detected by ISE will be notified to FMC.

Cisco Employee

Re: ISE and Firepower Identity : update interval for Active Directory and other identity sources

Mohammed is correct. It uses PxGrid for Adaptive Network Control to take action. FMC consumes session directory and TrustSec metadata to gather user, IP, SGT information, etc.
Essentially, it uses PxGrid 1.0 based on XMPP, and the rest is as mentioned above.
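
A small model of the difference the replies describe, added here as an illustration and not taken from the thread or from Cisco code: it counts how long a consumer's user-to-IP table disagrees with the identity source under interval polling versus change-driven push. The timeline, the 60-second poll interval and all function names are constructed assumptions; no pxGrid API is used.

```python
# Added model, not pxGrid or FMC code: staleness of user-to-IP mappings
# under interval polling versus change-driven push. All values are constructed.
from typing import Callable, Dict, List, Optional, Tuple

Event = Tuple[int, str, Optional[str]]  # (second, ip, user); user None = session ended
Table = Dict[str, str]
View = Callable[[List[Event], int], Table]

# Constructed timeline: 10.0.0.5 passes from alice to bob between two polls.
EVENTS: List[Event] = [
    (5, "10.0.0.5", "alice"),
    (130, "10.0.0.5", None),
    (140, "10.0.0.5", "bob"),
    (200, "10.0.0.9", "carol"),
]

def truth_at(events: List[Event], t: int) -> Table:
    """Mapping table the identity source holds at second t."""
    table: Table = {}
    for when, ip, user in sorted(events, key=lambda e: e[0]):
        if when > t:
            break
        if user is None:
            table.pop(ip, None)
        else:
            table[ip] = user
    return table

def poll_view(interval: int) -> View:
    """Consumer that only refreshes its table every `interval` seconds."""
    return lambda events, t: truth_at(events, (t // interval) * interval)

def push_view(delay: int = 0) -> View:
    """Subscriber notified of each change after `delay` seconds."""
    return lambda events, t: truth_at(events, t - delay)

def stale_seconds(events: List[Event], view: View, horizon: int) -> int:
    """Seconds in [0, horizon) where the consumer's table differs from the source."""
    return sum(view(events, t) != truth_at(events, t) for t in range(horizon))

def misattributed_seconds(events: List[Event], view: View, horizon: int) -> int:
    """Seconds where the consumer ties an IP to a user who no longer holds it."""
    return sum(any(truth_at(events, t).get(ip) != user
                   for ip, user in view(events, t).items())
               for t in range(horizon))

if __name__ == "__main__":
    for name, view in [("poll 60s", poll_view(60)), ("push", push_view()), ("push +2s", push_view(2))]:
        print(name, stale_seconds(EVENTS, view, 300), misattributed_seconds(EVENTS, view, 300))
```

In this model the misattributed seconds are the ones that matter for user-based access control: the consumer would apply one user's policy to an address that user has already released.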