01-13-2022 01:30 PM
Hello All,
We have a 6-node deployment of Cisco ISE. Port 80 was found to be open on the MnT node during a pen test by the relevant team.
They are asking us to shut port 80 down for security reasons.
As far as I know, we cannot configure/modify/shut down port 80 or 443, and port 80 is redirected to port 443 according to the Cisco ISE port reference document.
My query is what would happen if we block the port on the firewall, and what the recommended path is here. I believe we should not tamper with the port requirements given in the document, but I would like to hear expert opinions.
TIA
01-13-2022 02:04 PM - edited 01-13-2022 02:04 PM
As you mentioned in your post, tcp/80 is simply redirected to tcp/443 when received by the ISE web server. There is no legitimate use for tcp/80 in any ISE communications. I have had customers block tcp/80 to the ISE nodes on transit firewalls in the past with no adverse effects.
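A way to check the two claims above against your own nodes before and after the firewall change, as an added example that is not part of this thread or of any Cisco tooling: it connects to tcp/80 and tcp/443 on a node, classifies what the web server returns on 80 (a redirect to an https:// URL versus actual content), and reports whether the observed state is acceptable. The host name ise-mnt.example.com and the sample HTTP response are constructed for illustration; nothing here is taken from an ISE node.

```python
"""Probe an ISE node's web ports and judge whether blocking tcp/80 is safe.

Run before the firewall rule: expect tcp/80 open and only redirecting to https.
Run after the rule: expect tcp/80 closed/filtered and tcp/443 still reachable.
Host names and the sample response below are constructed for this example.
"""
import re
import socket

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample of what a port-80 redirect looks like; not captured from ISE.
SAMPLE_REDIRECT = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: https://ise-mnt.example.com/\r\n"
    b"Content-Length: 0\r\n"
    b"Connection: close\r\n\r\n"
)


def parse_status_and_location(raw: bytes):
    """Return (status_code, Location header) from a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1", errors="replace")
    lines = head.split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m:
        return None, None
    location = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return int(m.group(1)), location


def classify_http_response(raw: bytes) -> str:
    """Classify a port-80 reply: redirect to https, other redirect, content, or not HTTP."""
    status, location = parse_status_and_location(raw)
    if status is None:
        return "not-http"
    if status in REDIRECT_CODES:
        if location and location.lower().startswith("https://"):
            return "redirect-to-https"
        return "redirect-elsewhere"
    return "serves-content"


def tcp_state(host: str, port: int, timeout: float = 3.0) -> str:
    """'open' (handshake completed), 'closed' (RST) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"


def http_probe(host: str, port: int = 80, timeout: float = 3.0):
    """Connect, send a plaintext HEAD request, return (tcp_state, raw_response)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(b"HEAD / HTTP/1.1\r\nHost: " + host.encode() + b"\r\nConnection: close\r\n\r\n")
            data = b""
            try:
                while b"\r\n\r\n" not in data:
                    chunk = s.recv(4096)
                    if not chunk:
                        break
                    data += chunk
            except socket.timeout:
                pass
            return "open", data
    except ConnectionRefusedError:
        return "closed", b""
    except (socket.timeout, OSError):
        return "filtered", b""


def assess(state80: str, class80: str, state443: str) -> str:
    """Turn the raw observations into a verdict a change ticket can quote."""
    if state443 != "open":
        return "FAIL: tcp/443 unreachable; the admin/API service itself is affected"
    if state80 in ("closed", "filtered"):
        return "OK-after-block: tcp/80 blocked, tcp/443 still reachable"
    if class80 == "redirect-to-https":
        return "OK-before-block: tcp/80 only redirects to https, safe to block"
    return "WARN: tcp/80 returned %s; investigate before blocking" % class80


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "ise-mnt.example.com"  # hypothetical host
    s80, raw80 = http_probe(host, 80)
    print(assess(s80, classify_http_response(raw80), tcp_state(host, 443)))
```

Run it once from the network segment the firewall sits between (not from a host that reaches the node directly) so the probe traverses the same path the rule applies to; a "filtered" result on tcp/80 together with "open" on tcp/443 is the state the answer above describes.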