Solved: Re: Cisco ISE 2.2 Network Access

ChrisMac70330 · ‎09-10-2020

Hi guys,

I am trying to create a policy set rule for network access in which I would like to do 1 big OR in between and 2 AND but I could not find a way to do it.

Thanks,

Chris.

Colby LeMaire · ‎09-10-2020

You will have to create library conditions to be able to mix and match AND's and OR's. So library condition to hold all of your OR's and then in your policy, just use AND to combine the conditions. Hard to tell what you are wanting to do from your screenshot.

View solution in original post

Colby LeMaire · ‎09-10-2020

You will have to create library conditions to be able to mix and match AND's and OR's. So library condition to hold all of your OR's and then in your policy, just use AND to combine the conditions. Hard to tell what you are wanting to do from your screenshot.

ChrisMac70330 · ‎09-10-2020

Hi, trying to create a rule that will combine 2 AND's separated by an OR(AD group AND Network compound condition) OR (another AD group AND Network Compound)

If that makes sense.

Greg Gibbs · ‎09-10-2020

There is no way to configure that kind of complex structure in the AuthZ policy in ISE 2.2, but you can create a more complex Compound Condition with various AND/OR statements using pre-configured Simple Conditions. You need to create your Simple Conditions first, then create a new Compound Condition, add one of your Simple Conditions, then switch to the Advanced View. From there, you can create all kinds of AND (&) OR (|) and NOT (!) combinations. The new Condition Studio in ISE 2.3+ is much more flexible in this way.