Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1323
Views
0
Helpful
1
Replies

Creating DACLs for Protocols such as SMBv1

JacobEdmondson82
Level 1
Level 1

‎07-14-2021 01:08 PM

Our organization is looking at blocking SMBv1 traffic during our network segmentation project and would like to do so using Cisco ISE and by protocol, not port. I have not been able to find any specific guide with an answer that this is possible outside of just using basic ports in the DACLs. Can anyone confirm if this is possible for blocking protocols?

Labels:
0 Helpful
1 Reply 1

Greg Gibbs
Cisco Employee
Cisco Employee

‎07-14-2021 04:15 PM

It sounds like you're asking if ISE is capable of doing Deep Packet Inspection to determine if the underlying service is related to SMBv1.

ISE uses the enforcement capabilities of the network devices (e.g. switches). As the switches do not support this type of DPI, ISE cannot support it.

0 Helpful
Customers Also Viewed These Support Documents