
Cisco ISE - TLS Ratelimiting and Renegotiation

Johannes_Grimm
Level 1

Dear community,

 

Does anyone know if it is possible to configure rate limiting on new incoming TLS connections and renegotiations on Identity Services Engine?

 

Best regards,

Johannes 

3 Replies

@Johannes_Grimm I am not aware that this is possible on ISE itself, but perhaps it would be possible if there was a load balancer in front of ISE nodes.

Hi @Rob Ingram,

 

Thank you very much! That's a very good suggestion, but unfortunately not to be implemented in my case.

 

Best regards,
Johannes

Hi @Johannes_Grimm,

It's possible to rate-limit to a specific port, but I don't know if it is exactly what you are looking for:

ise/admin(config)# rate-limit ?
<1-10000> Average number of TCP/UDP/ICMP packets per second

ise/admin(config)# rate-limit x ?
ip Source IP address to apply rate limit
ipv6 Source IPv6 address to apply rate limit
port Destination port number to apply rate limit
<cr> Carriage return.

Note: please take a look at the Performance and Scalability Guide for ISE, search for: RADIUS Performance ... check for the AuthC/Sec for EAP/TLS.

 

Hope this helps!!!