Did Cisco ISE have limitation for policy setting?

joealone1 · ‎03-24-2014

Deat All,

Did anyone know about Cisco ISE limitation about policy setting?

Right now my setting for windows posture policy around 200 windows patch checking, did ISE have limitation such as maximum windows patching policy line?

Thanks you

Best Regards

mohanak · ‎05-28-2014

Here is the nswer for your first question.

Cisco ISE profiler collects a significant amount of endpoint data from the network in a short period of time. It causes Java Virtual Machine (JVM) memory utilization to go up due to accumulated backlog when some of the slower Cisco ISE components process the data generated by the profiler, which results in performance degradation and stability issues.

To ensure that the profiler does not increase the JVM memory utilization and prevent JVM to go out of memory and restart, limits are applied to the following internal components of the profiler:

Endpoint Cache—Internal cache is limited in size that has to be purged periodically (based on least recently used strategy) when the size exceeds the limit.
Forwarder—The main ingress queue of endpoint information collected by the profiler.
Event Handler—An internal queue that disconnects a fast component, which feeds data to a slower processing component (typically related to a database query).

For more information go through :

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html#12624

Venkatesh Attuluri · ‎09-18-2014

I dont think their is a limit for number of policy's that we define in ISE

Saurav Lodh · ‎09-23-2014

as such I haven't heard of a limit on rules, what I think the number of diff. policies depends of the number of diff. ways you can make policies which finally depends upon the diff. attributes used to create compound rules.