09-29-2017 10:32 AM
Good day,
We are trying to integrate newly configured FirePower Management Center 6.2 with our existing ISE PxGrid 2.1 cluster.
The ISE deployment is as follows:
- 6 node cluster
- 2 x nodes for ADM/MnT
- 2 x nodes for PSN
- 2 x nodes for PxGrid
Note about the deployment
- The PxGrid nodes have been successfully joined to the ISE cluster and we have the PxGrid persona running.
- We have an internal CA server that has issued certs to the ISE nodes and the FMC server
- All nodes (6 ISE nodes) and FMC have the certificates issued by the same CA issuing server.
PROBLEM:
The FMC subscribes as a client to the PxGrid Controllers, so that it can receive contextual (SGT, Profiling, etc.) information about users/devices.
When trying to integrate ISE(PxGrid Controller) with the FMC, the primary PxGrid Controller can associate with the FMC - not the secondary one. Meaning I cannot add both the PxGrid controllers as Identity sources on the FMC. Even if I try adding just the secondary PxGrid, this fails. I've confirmed network connectivity (same subnets), no firewall in between them and validity of certificates and issuers. Still not sure why this will not integrate?
Has anybody seen a similar issue or can advise ? (attached a copy of the error)
Solved! Go to Solution.
09-29-2017 10:53 AM
That is normal. Just add them both. If you look at the services on your secondary pxGrid node you will see the services are not running. Only one node runs pxGrid at a time. If that node goes down the other nodes services will start up.
09-29-2017 10:53 AM
That is normal. Just add them both. If you look at the services on your secondary pxGrid node you will see the services are not running. Only one node runs pxGrid at a time. If that node goes down the other nodes services will start up.
09-29-2017 11:02 AM
Thanks Paul.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide