This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
We currently have ISE 1 and ISE 2 in deployment and it is our inside firewall. I am thinking adding additional stand alone ISE3 PSN dedicated just in DMZ zone for guest that are going to be anchor to that zone. It is going to be strictly to be use for sponsored CWA.
A base license and endpoints license like if we want to support 100-500 endpoints for guest it is what I need correct?
Solved! Go to Solution.
This is exactly what we have now. We have two interface on our virtual primary ISE, one is inside and other is in the DMZ were it responds to 8443 cwa portal for guest authentication/authorization. It works great and we think it is perfect.
I am trying to convince my boss to purchase it just for the sake of isolating, standalone ISE in the DMZ zone. This includes me gathering how much would cost and the required license.
Does the standalone ISE 3 needs to talk to ISE 1 and ISE 2 from DMZ to the inside for any data?