cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
17776
Views
16
Helpful
6
Replies

Is it possible to import ISE Policy Sets?

tomyip
Level 1
Level 1

I want to take a policy set from one ISE instance and place it on another.

Exporting ISE policy sets is possible as per ISE admin guide:

Export Authentication and Authorization Policy Configuration

You can export authentication and authorization policy configuration in the form of an XML file that you can read offline to identify any configuration errors and use for troubleshooting purposes. This XML file includes authentication and authorization policy rules, simple and compound policy conditions, dACLs, and authorization profiles. You can choose to email the XML file or save it to your local system.


Step 1  Choose Administration > System > Backup & Restore.
Step 2  Click Policy Export.
Step 3  Enter the values as needed.
Step 4  Click Export.

Use a text editor such as WordPad to view the contents of the XML file.

However, I can't find anything that states about importing policy sets. Is importing policy sets even possible? If not, what would be the easiest way to do that?

1 Accepted Solution

Accepted Solutions

Fadi_Tahan.ao
Level 1
Level 1

I cannot find a way to do it, I asked the question to a Cisco ISE field engineer and he said no. At least the exported XML you can cut and paste from it to replicate the exported rules.

View solution in original post

6 Replies 6

Fadi_Tahan.ao
Level 1
Level 1

I cannot find a way to do it, I asked the question to a Cisco ISE field engineer and he said no. At least the exported XML you can cut and paste from it to replicate the exported rules.

casanavep
Level 3
Level 3

I know this is an old post, but after 8000+ views appears to be in massive demand.  Does anyone know if Cisco fixed the other end of the equation, ability to import that which you exported?  Better yet, can one build policy templates in the exported XML format, to be imported via GUI or API?

 

-  PC

Hi @casanavep ,

 Policy management via REST API is possible on ISE 3.1 (please take a look at ISE 3.1 Release Notes, search for OpenAPI Service).

 

Hope this helps !!!

That is interesting.  Do you know if one has to be on bleeding edge 3.1 for this API policy management feature, or available on more mature releases as well? 

Hi @casanavep ,

 ISE 3.1 (today).

Note: I hope it will be available on future patches of ISE 2.7 and 3.0 : )

 

Hope this helps !!!

Thank you for the response. Yes, that helps!