08-08-2021 02:06 PM
My Cisco ISE 3.0 patch 3 on SNS-3655 is making outbound HTTPS connections to the following sites:
173.37.145.8 --> tools2.cisco.com
34.216.127.109 --> ec2-34-216-127-109.us-west-2.compute.amazonaws.com.
35.83.205.101 --> ec2-35-83-205-101.us-west-2.compute.amazonaws.com.
54.148.222.24 --> ec2-54-148-222-24.us-west-2.compute.amazonaws.com.
72.163.4.38 --> tools1.cisco.com
According to Cisco, with Smart Licensing, it should only make outbound HTTPS connections to tools.cisco.com:
dig @8.8.8.8 tools.cisco.com +short
173.37.145.8
However, you can see it is making connections to some AWS hosts on a regular basis.
Any ideas?
08-08-2021 02:37 PM
tools.cisco.com is only for Smart Licensing. Cisco also needs some posture updates, and Cisco hosts some services in the Amazon cloud too. Maybe (I am guessing here) it is to get updates? What port, 443?
08-08-2021 02:46 PM
I am not running posture. I am using Smart Licensing. I currently have a TAC case with Cisco but the TAC engineer doesn't know either. He is investigating but he doesn't know why the box is reaching out to the AWS Internet. To me, that's a security red flag.
@balaji.bandi: Yes, https (443) as posted in my original thread
08-08-2021 03:15 PM
Are you using any of these features? Even if you're not using them there is a chance that a call out is still enabled like with automatic posture updates/downloads, and the profiler feed updates. I also see quite a few ISE deployments making calls for CRL, it's a pretty common investigation.
Partner Mobile Management
Endpoint Profiler Feed Service Update
Endpoint Posture Update
Endpoint Posture Agent Resources Download
Certificate Revocation List (CRL) Download
Guest Notifications
SMS Message Transmission
Social Login
08-08-2021 03:16 PM
I may have missed your HTTPS information; I only thought of tools.cisco.com for HTTPS.
After investigating more, here is the IP related to Cisco:
https://ipduh.com/dns/?www.ciscoconnectdna.com