cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2082
Views
0
Helpful
1
Replies

Blocking port 80 on Cicso ISE

Hello All,

 

We have a 6 node deployment of Cisco ISE. Port 80 was found to be open on the Mnt node during a pen test by the relevant team.

 

They are asking to shut port 80 down as for security concerns.

As for my information, we cannot configure/modify/shutdown port80 or 443. And the port 80 is redirected to port 443 according to the Cisco ISE port Reference document.

Cisco Identity Services Engine Hardware Installation Guide, Release 2.0 - Cisco ISE Ports Reference [Cisco Identity Services Engine] - Cisco

 

My query is what would happen in case we block the port on firewall. And what is the recommended path here. I believe we should not tamper with the port requirements given in the document but would like to hear expert opinions.

 

 

TIA

1 Accepted Solution

Accepted Solutions

Greg Gibbs
Cisco Employee
Cisco Employee

As you mentioned in your post, tcp/80 is simply redirected to tcp/443 when received by the ISE web server. There is no legitimate use for tcp/80 in any ISE communications. I have had customers block tcp/80 to the ISE nodes on transit firewalls in the past with no adverse effects.

View solution in original post

1 Reply 1

Greg Gibbs
Cisco Employee
Cisco Employee

As you mentioned in your post, tcp/80 is simply redirected to tcp/443 when received by the ISE web server. There is no legitimate use for tcp/80 in any ISE communications. I have had customers block tcp/80 to the ISE nodes on transit firewalls in the past with no adverse effects.