It's possible to query and get a list of endpoints in a given Identity Group: curl -k --header 'Accept: application/json' --user xxx:yyy https://omf-01-ise01:9060/ers/config/endpoint?filter=groupId.EQ.12abb870-295a-11e9-aed1-76f66f54fcc8 However `cus...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
I have been trying to properly profile devices and get them put into specific rules instead of the last rule. My last rule is called 'Closed_Mode'. I want the endpoint to hit the AuthZ rule 'Global..SJ_Computers'. it appears to hit the proper rule in...
I really want to get the HTTP User-Agent attribute on my endpoints. I understand that the only ways to do that are URL redirect or SPAN. I don't want to do SPAN. But using the URL redirect doesn't really seem to work for me either because I don't wa...
Resolved! ISE Posture Condition
Hi, Can I have a posture condition for the following in ISE 2.4/2.6? Cisco Umbrella agent in installed and runningQualys agent is installed and runningPlease note - requirement is not for pxgrid integration of qualys or umbrella, only for posture che...
Resolved! Compliance Module - What is this?
Hello all,I could use some assistance with getting my arms around Compliance Module. I don'trecall this being an objective in the CCNP Security 300-208 exam. It is now an objectivein the 300-715 exam. More specifically, item 6.3, "Configure the co...
Resolved! ISE 2.4: PXgrid licensing questions
Hi, I'm interested in adding a pxGrid node to allow 3rd party systems use ISE for quarantine/COA.My workstations are now licensed via Base licenses, and to my understanding require Plus licensing for pxGrid content sharing in order to be managed via ...
Resolved! ISE and Firepower integration
Hi, Are there any guides available for integrate Firepower Threat Defence with ISE using pxGrid?I found an excellent guide by Katherine McNamara here - http://www.network-node.com/blog/2017/1/2/rapid-threat-containment-with-ise-21-and-firepower-61?rq...
Hello Team, We are using full-blown ISE (no ISE-PIC) for usual 802.1x (EAP-TLS-based Machine auth mainly) and now configuring same ISE deployment for PassiveID to distribute User-IP mappings from AD (via ISE AD Agents) towards WSA and FMC. We are n...
Resolved! NEAT
Client gets authenticated and result is applied but supplicant switch errors the VLAN TEST is non-existent or shutdown which is both no true. Is this a limitation of CISP? %DOT1X_SWITCH-5-ERR_VLAN_NOT_FOUND: Attempt to assign non-existent or shutdow...
I've been recently testing an NPS server to handle RADIUS requests for our network devices, using active directory. Most tutorials I have followed have set the authentication method to be "Unencrypted authentication (PAP, SPAP)" on the server side. T...
Resolved! Audit Alerting via ISE?
Is ISE able to alert (via email for example) if a specific command or commands are executed on a security device like a FW? We've been asked if we can be alerted if someone makes a change to the audit logging settings on a firewall (i.e. anything wit...
Resolved! ISE 2.4 Support on CSP-5444?
Is ISE 2.4 supported on CSP-5444? If so, are there whitepapers, CVDs, or references for such a deployment?
Resolved! dACL to Allow VNC to Client Device
Hello All,ISE v2.3We have a Auth Policy for Noncompliant devices. Usually this means that their AV defs or Windows Updates are not up-to-date. In that Auth policy we assign a dACL. This dACL allows the client PC to talk to both of our ISE servers, Sy...
I have already discovered that I can use CURL calls via the ers API, and, for example:Add an endpointAdd an endpoint to an identity groupGet all endpoints in an identity groupI realize that an endpoint (defined by a MAC address) begins to "live" as t...
Resolved! ISE Posture Call Home List
Hello, In our environment we are using meraki switches and as they do not support DACLs or ACLs for Posture redirection, we used call home list in the anyconnect configuration profile to let the endpoint reach the PSN. During redirection or before re...
