Solved: Re: 1 x FMC 5.4.1.5 - ISE Distributed Deployment. How to RTC (pxgrid) High Availability?

victguti · ‎08-02-2016

Hi,

I have a customer with only one FMC 5.4.1.5 and ISE 1.3 distributed deployment with 2xPAN, 2xMnT and 2xPSN. He wants to perform Rapid Threat Containment. My doubt is in which ISE nodes are usually activated pxgrid personas and how can I get some high availability.

I saw in FMC v6.x we can integrate with ISE specifying a primary and secondary ISE nodes but in v5.x we have to use the script still and not sure if possible specifying a secondary node.

Thanks and regards.

jeppich · ‎08-03-2016

Hi,

Please send me an email and we can discuss the details.

Thanks,

John

jeppich@cisco.com

View solution in original post

hslai · ‎08-02-2016

Our recommendation is to dedicate pxGrid on its own nodes. The solution for FMC 5.4 does not support secondary ISE node so it needs a manual failover.

victguti · ‎08-03-2016

Many thanks for your answer.

Unfortunately, customer has no the possibility of using dedicated nodes for pxGrid.

PSN nodes are behind a load balancer, would it be possible to activate pxGrid persona in PSN nodes and balance the pxGrid service in the same way we do for AAA services? FMC pxGrid agent would point to a VIP balancing the pxGrid service (TCP/8910)..

jeppich · ‎08-03-2016

Hi,

Please send me an email and we can discuss the details.

Thanks,

John

jeppich@cisco.com