Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
452
Views
0
Helpful
0
Replies

Cisco ISE and SGT/SG Firewalls on ISR G2s

MikeO5422
Beginner
Beginner

‎01-05-2016 12:55 PM - edited ‎03-10-2019 11:22 PM

Hello,

I am a bit confused about the operation of Cisco ISE with SG Firewalls on ISR G2s. For reference, here is the latest support matrix for security group tagging (i think). http://www.cisco.com/c/en/us/solutions/enterprise-networks/trustsec/trustsec_matrix.html

Here are the questions:

Basically, to enable an SG Firewall on an ISR G2, you would need to turn on the zone based firewall, correct?

Next, is it possible to go into Cisco ISE and outline firewall rules that can be pushed to the router? Lets say I have 100 ISRs that I want to enable the SG Firewall on. I really do not want to touch each one more than once. I don't mind the initial ZBF setup, but the actual ZBF rules and security group definitions I would like to be pushed down from ISE. I want the rule set to be the same on all routers. When I make a change in ISE, I want it to be pushed to all of the routers. Is that even a thing? I am having trouble finding this information online.

2 people had this problem
Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents