cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

279
Views
1
Helpful
3
Replies
Highlighted
Beginner

1 x FMC 5.4.1.5 - ISE Distributed Deployment. How to RTC (pxgrid) High Availability?

Hi,

I have a customer with only one FMC 5.4.1.5 and ISE 1.3 distributed deployment with 2xPAN, 2xMnT and 2xPSN. He wants to perform Rapid Threat Containment.  My doubt is in which ISE nodes are usually activated pxgrid personas and how can I get some high availability.

I saw in FMC v6.x we can integrate with ISE specifying a primary and secondary ISE nodes but in v5.x we have to use the script still and not sure if possible specifying a secondary node.

Thanks and regards.

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: 1 x FMC 5.4.1.5 - ISE Distributed Deployment. How to RTC (pxgrid) High Availability?

Hi,

Please send me an email and we can discuss the details.

Thanks,

John

jeppich@cisco.com

View solution in original post

3 REPLIES 3
Highlighted
Cisco Employee

Re: 1 x FMC 5.4.1.5 - ISE Distributed Deployment. How to RTC (pxgrid) High Availability?

Our recommendation is to dedicate pxGrid on its own nodes. The solution for FMC 5.4 does not support secondary ISE node so it needs a manual failover.

Highlighted
Beginner

Re: 1 x FMC 5.4.1.5 - ISE Distributed Deployment. How to RTC (pxgrid) High Availability?

Many thanks for your answer.

Unfortunately, customer has no the possibility of using dedicated nodes for pxGrid.

PSN nodes are behind a load balancer, would it be possible to activate pxGrid persona in PSN nodes and balance the pxGrid service in the same way we do for AAA services? FMC pxGrid agent would point to a VIP balancing the pxGrid service (TCP/8910)..

Highlighted
Cisco Employee

Re: 1 x FMC 5.4.1.5 - ISE Distributed Deployment. How to RTC (pxgrid) High Availability?

Hi,

Please send me an email and we can discuss the details.

Thanks,

John

jeppich@cisco.com

View solution in original post