Cisco Employee

Identity Provider to FMC - Scaling Question

Hi,

I have a Firepower customer looking for identity integration within Firepower management center. We have been exploring the identity integration with pxGrid but the scale is bringing up questions on deployment options.

  1. The customer has around 250(!) domain controllers, which means around 25 AD agents. Do we have any examples at this scale?
  2. Would another option like SPAN or logs be a better approach?
    1. There is an existing QRadar deployment with WMI integration to AD. Can that data be utilized by pxGrid and then fed into FMC? Just checking if this has been seen at any other customer.

Open to other ideas.

Naman

Accepted Solution

Advocate

Re: Identity Provider to FMC - Scaling Question

The max limit per ISE / ISE-PIC instance is 100 DCs today. If monitoring of more DCs is required, then deploy multiple ISE/PIC instances. See ISE Performance & Scale.

Remember, it is only needed to get identity for DCs that authenticate users and where you need to apply policy based on the users logging into that DC. Although not officially QA tested, we have tested internally the use of log event forwarding, which could be used to forward logs from multiple DCs to a single DC for collection.

If the QRadar deployment generates logs for each event, then syslog could be used to parse user/IP mappings.

Craig

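Craig's last point, parsing user/IP mappings out of forwarded DC logs, is illustrated below with an added Python example that is not part of this thread and not Cisco, ISE or QRadar code. It assumes a constructed syslog line format (a BSD syslog header followed by Windows Security event fields as key=value pairs); real QRadar or event-forwarder output will differ and the header regex would need adjusting. The Event IDs are the real Windows ones (4624 successful logon, 4634 logoff); the sample lines, hostnames and addresses are constructed. Machine accounts (names ending in `$`), events with no usable source address, and stale mappings past a TTL are dropped, which is the minimum any syslog-based identity source needs to do before feeding a policy engine such as FMC.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Constructed sample input (not real QRadar or Windows Event Forwarding output).
SAMPLE_SYSLOG = """\
<14>Jun 12 10:01:05 dc01.example.test MSWinEventLog EventID=4624 TargetUserName=alice TargetDomainName=EXAMPLE IpAddress=10.1.2.3 LogonType=3
<14>Jun 12 10:01:07 dc01.example.test MSWinEventLog EventID=4624 TargetUserName=DC01$ TargetDomainName=EXAMPLE IpAddress=10.1.2.9 LogonType=3
<14>Jun 12 10:01:09 dc02.example.test MSWinEventLog EventID=4624 TargetUserName=bob TargetDomainName=EXAMPLE IpAddress=- LogonType=2
<14>Jun 12 10:03:00 dc02.example.test MSWinEventLog EventID=4634 TargetUserName=alice TargetDomainName=EXAMPLE IpAddress=10.1.2.3 LogonType=3
<14>Jun 12 10:05:30 dc03.example.test MSWinEventLog EventID=4624 TargetUserName=carol TargetDomainName=EXAMPLE IpAddress=10.1.2.3 LogonType=10
<14>Jun 12 10:06:00 dc01.example.test MSWinEventLog this line carries no fields
"""

# Assumed header layout: <PRI>Mon DD HH:MM:SS host MSWinEventLog key=value ...
HEADER_RE = re.compile(
    r"^<\d+>(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+MSWinEventLog\s+(.*)$"
)
LOGON_EVENT = "4624"   # An account was successfully logged on
LOGOFF_EVENT = "4634"  # An account was logged off

# Reference "now" for TTL checks in the demo (BSD syslog has no year, so one is assumed).
SAMPLE_YEAR = 2024
SAMPLE_NOW = datetime(2024, 6, 12, 10, 6, 0, tzinfo=timezone.utc)


def parse_event(line, year=SAMPLE_YEAR):
    """Return the event fields plus _ts/_dc, or None if the header does not match."""
    m = HEADER_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    fields = dict(re.findall(r"(\w+)=(\S+)", m.group(3)))
    fields["_ts"] = ts.replace(tzinfo=timezone.utc)
    fields["_dc"] = m.group(2)
    return fields


def is_user_account(name):
    # Computer accounts end in '$' and must not become user/IP bindings.
    return bool(name) and not name.endswith("$")


def is_usable_ip(value):
    # Windows writes '-' or '::1'/'127.0.0.1' for local and unknown sources.
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return not (addr.is_loopback or addr.is_unspecified or addr.is_link_local)


def build_mappings(syslog_text, year=SAMPLE_YEAR):
    """Fold logon/logoff events into an ip -> {user, domain, seen, dc} table."""
    mappings = {}
    for line in syslog_text.splitlines():
        ev = parse_event(line, year)
        if ev is None:
            continue
        user = ev.get("TargetUserName", "")
        ip = ev.get("IpAddress", "")
        if not is_user_account(user) or not is_usable_ip(ip):
            continue
        prev = mappings.get(ip)
        if ev.get("EventID") == LOGON_EVENT:
            # Keep the newest logon per source address.
            if prev is None or ev["_ts"] >= prev["seen"]:
                mappings[ip] = {
                    "user": user,
                    "domain": ev.get("TargetDomainName", ""),
                    "seen": ev["_ts"],
                    "dc": ev["_dc"],
                }
        elif ev.get("EventID") == LOGOFF_EVENT:
            # Only the bound user's own logoff clears the mapping.
            if prev is not None and prev["user"] == user:
                del mappings[ip]
    return mappings


def expire_mappings(mappings, now, ttl_seconds):
    """Drop bindings older than the TTL so a reused address does not keep a stale identity."""
    ttl = timedelta(seconds=ttl_seconds)
    return {ip: m for ip, m in mappings.items() if now - m["seen"] <= ttl}


if __name__ == "__main__":
    table = expire_mappings(build_mappings(SAMPLE_SYSLOG), SAMPLE_NOW, 300)
    for ip, m in table.items():
        print(f"{ip} -> {m['domain']}\\{m['user']} (via {m['dc']} at {m['seen']:%H:%M:%S})")
```

In the sample, alice's logoff clears her binding and carol's later logon rebinds the same address, so only one mapping survives; the `DC01$` machine logon and bob's event with no source address never enter the table. At the scale discussed above, the same fold would run over a collector receiving forwarded events from many DCs, and the TTL should be tuned to the DHCP lease length of the user networks.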