06-28-2019 09:26 AM
Hi,
I'm interested in adding a pxGrid node to allow 3rd party systems use ISE for quarantine/COA.
My workstations are now licensed via Base licenses, and to my understanding require Plus licensing for pxGrid content sharing in order to be managed via 3rd party APIs which communicate with pxGrid.
From the documentation, in a dedicated node deployment, you can have up to 800 pxGrid subscriptions at most with each pxGrid node serving up to 200 subscribers. 800 is less than the number of workstations in the deployment.
1) Are these subscribers in fact the workstations which can be quarantined via pxGrid API?
2) Is the number of supported subscribers just the number of simultaenous quarantines that can be performed at a time, or is a Plus License necessary for each and every workstation in the deployment regardless of the 800 hard limit?
3) In the future, if I want to adding Apex licenses for endpoints which need to be postured, do I need to have a matching number of Base and Plus licenses for each Apex license, or is a matching Base license enough?
Thanks for your help!
Solved! Go to Solution.
07-03-2019 10:04 AM
...
C) An apex license for each endpoint which I want to posture. Must also be 20,000.
I am not seeing it must also matched Base in the ordering guide.
Cisco demands A = B, correct?
Yes, this info is currently in the Table 2 of the ordering guide.
Any info not clear in the Cisco ISE ordering guide, please send feedbacks directly to our PM teams.
06-28-2019 11:07 AM
06-30-2019 04:22 AM
06-30-2019 07:55 AM
@Nadav wrote:
... I'm just looking for another form of confirmation, and whether the 800
limit means that up to 800 endpoints can be quarantined at a time.
I hope my last response clearing it for you. Put it another way...
The max pxGrid subscribers in ISE 2.4 Platform eXchange Grid (pxGrid v2) Scaling are for pxGrid v2 and about the consumers and providers described in Communication. We may see the subscribers (clients) listed in the ISE admin web UI > Administration > pxGrid Services > All Clients. Many subscribers, including SMC and FMC, today are still in pxGrid v1.
06-29-2019 07:47 PM
Adding to what Mike.Cifelli said... the definition info is in the Cisco ISE ordering guide.
On 1 & 2, subscribers are the applications making connections to pxGrid controllers and acting either as consumers or providers. Workstations are endpoints but not pxGrid subscribers, unless they are used to host such applications.
On 3, see section 1.9.3 of the ordering guide.
07-03-2019 07:00 AM
Hi,
So just to make sure the licensing demands are clear:
A) A base license per endpoint which authenticates by 802.1x. Let's say 20,000.
B) A plus licence for each endpoint which I want via pxGrid to potentially quarantine. Let's say due to Stealthwatch policy or some 3rd part vendor. Must also be 20,000.
C) An apex license for each endpoint which I want to posture. Must also be 20,000.
Cisco demands A = B, correct?
07-03-2019 10:04 AM
...
C) An apex license for each endpoint which I want to posture. Must also be 20,000.
I am not seeing it must also matched Base in the ordering guide.
Cisco demands A = B, correct?
Yes, this info is currently in the Table 2 of the ordering guide.
Any info not clear in the Cisco ISE ordering guide, please send feedbacks directly to our PM teams.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: