02-03-2017 05:13 AM - edited 02-21-2020 10:31 AM
02-03-2017 07:19 AM
Could just be a visual bug if it is actually receiving traffic. We'll be testing the newest RC of 6.9 and ISE PIC next week and let you know if it still shows the red X.
02-03-2017 07:45 AM
Okay. For my testing, I'm using Stealthwatch 6.9.0 2017.01.13.2303-0 and ISE 2.2.0.456. Are those not the latest versions of both?
Thanks
02-17-2017 06:17 AM
Hi Scott,
I got the same issue as you. In SW6.9 Java, ISE PIC is marked red but when I go in the Web UI it is green.
Not really sure why. If someone has some inputs?
Thanks,
Rémi
02-17-2017 06:59 AM
The SMC calls a REST API on ISE – https://<ise-Ip>/ise/mnt/api/version for 2 purposes:
1) On initial configuration it determines what version of ISE is running to determine how to process certain syslog fields.
2) On-going heart beat to ensure that ISE is still there.
The certificate configuration is to allow the SSL channel to come up (i.e. SMC needs to accept the certificate being presented by ISE; ISE needs to allow the certificate being presented by the SMC)
Prior to ISE 1.3 it was possible to call/leverage this API with a Help Desk User privileged account. However, beginning with ISE 1.3 all REST APIs require SuperAdmin privileges. Arguably you could disable the account on ISE after initial config, the ISE icon in the SMC swing client will show an error along the lines of “there are communication problems with ISE” but the integration will continue to work as syslog will still arrive at the SMC.
Our fix going forward (beginning with Stealthwatch 6.9) will be to leverage pxGrid for session information instead of syslog.
02-17-2017 07:59 AM
Chris, I understand the new differences in communication and have all of the connectivity working and see the user data in Stealthwatch, but I still have that red X.
Thanks
02-28-2018 11:43 AM
Experiencing this problem on a number of occasions due to upgrades and whatnot. Our fix is always to check the certificates to ensure matching and validate the userID / password between the two devices. Both have broken the connection (red x) May need to "jumpstart" again by walking through the configuration on Stealthwatch.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide