Beginner

PXGRID integration with FMC-use case


Dear Experts,


I am going to integrate pxGrid in a distributed environment. I have a few points to clarify.

 

  • I have 2xPAN, 2xMnT and multiple PSNs, and I am going to add two pxGrid in the setup. Currently I am using a self-signed cert.
  • Keeping this in mind, what will be the best case for certificates to integrate with pxGrid and FMC? Will all PSN certificates be added into pxGrid, or will only PAN and MnT be added in pxGrid? Please suggest the correct way.
  • What can be the use case if I have an IPS license in my FMC? I am not clear about the use case.
  • Please note I am going to use the ISE 2.3 upgrade version for integration.

Appreciate your feedback and thanks in advance.

5 REPLIES
VIP Advisor

Re: PXGRID integration with FMC-use case

As you know, CA-signed certs are more secure than self-signed. Now in
pxGrid you can technically use self-signed, but you need the CA cert
imported in FMC. Only MNT, PAN and pxGrid certs are replicated. You don't
need specific licenses for pxGrid on FMC. IPS lic will work.
Beginner

Re: PXGRID integration with FMC-use case

Thanks Mohamad for the reply.



What about the FMC use case? As per my understanding, a user who triggers the IPS will be put in an isolated VLAN? But I am not clear about the use case. Can you explain if you have any idea on this?


VIP Advisor

Re: PXGRID integration with FMC-use case

This is called rapid threat containment (you can read about it in the ISE
guides). The concept, as you mentioned, is that once an IOC is detected in FMC
for a user, FMC will notify ISE through pxGrid and ISE will drop a CoA to
the NAD in order to isolate the endpoint of that user.

***** please rate useful posts
Beginner

Re: PXGRID integration with FMC-use case

Thanks for your reply.



I will look into the document related to threat containment. Do you have any reference document and use case example from which I can understand it in a better way?


VIP Advisor

Re: PXGRID integration with FMC-use case