Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2857
Views
0
Helpful
5
Replies

PXGRID integration with FMC-use case

Muhammad Azhar
Level 1
Level 1

‎02-24-2019 07:29 AM


Dear Experts,


I am going to integrate Pxgrid in distributed environment. I have few points to clarify.

 

  • I have 2xPAN, 2xMnt and multiple PSNs, I am going to add two Pxgrid in setup. Currently i am using Self sing cert.
  • Keeping this in mind what will be the best case for certificates to integrate with Pxgrid and FMC , Is all PSNs certificate will be added into PxGrid or only PAN and MNT is will be add in Pxgrid ? Please suggest the correct way.
  • What can be use case if i have IPS license in my FMC ?  I am not clear about the use case?
  • Please note i am going to use ISE 2.3 upgrade version for integration.

Appreciate your feedback and thanks in advance.

Labels:
0 Helpful
5 Replies 5

Mohammed al Baqari
Level 11
Level 11

‎02-24-2019 09:34 AM

As you know, ca signed certs are more secure that self signed. Now in
pxgrid you can use self signed technically but you need the ca cert
imported in fmc. Only MNT, PAN and PxGrid certs are replicated. You don't
need specific licenses for pxgrid on fmc. IPS lic will work
0 Helpful

Muhammad Azhar
Level 1
Level 1
In response to Mohammed al Baqari

‎02-24-2019 09:47 AM

Thanks Mohamad for the reply.



What about the FMC use case ? as per my understanding user who trigger the IPS will be put in isolated vlan ? But I am not clear about the use case. Can you explain if you have any idea on this.


0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to Muhammad Azhar

‎02-24-2019 10:12 AM

This is called rapid threat containment you can read about it in ise
guides). The concept as you mentioned that once an IOC is detected in FMC
for user, fmc will notify ise through pxgrid and ISE will drop a CoA to
NAD in order to isolate the endpoint of that user

***** please rate useful posts
0 Helpful

Muhammad Azhar
Level 1
Level 1
In response to Mohammed al Baqari

‎02-24-2019 10:46 AM

Thanks for your replay.



I will look into the document related to threat containment , do you have any reference document and use case example from where I can understand in better way.


0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents