ISE and Backbox repository Integration Issues

Naive · ‎02-21-2025

Hello Team,

We are trying to setup SFTP repository with backbox for ISE scheduled backups, Somehow ISE backup is getting stopped at 60%, while we trying to debug it through CLI by running show repository [name] on cli pan node it throws error sftp_handler.c[411] [system]: sftp_select Error: timeout!

We tried by pinging ISE pan to backbox repository, its pinging fine.

Do we have documentation or recommended settings we have to do while using backbox for ISE backups.

Rob Ingram · ‎02-21-2025

@Naive did you log in to the CLI of the ISE nodeS via SSH and use the command crypto host_key add host <ip address of the server> to add the host key of the SFTP server?

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/215348-how-to-configure-repository-on-identity.html

Naive · ‎02-22-2025

Hello Rob, Yes, we have already added crypto host-keys through CLI

Rob Ingram · ‎02-22-2025

@Naive what version of ISE are you using? There is this bug - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd89657

Naive · ‎02-22-2025

@Rob Ingram I actually saw this document earlier, but our version of ISE is 3.2, and no patch.

Rob Ingram · ‎02-22-2025

@Naive did you check the ISE 3.2 release notes, there are several issues with SFTP.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/release_notes/b_ise_32_RN.html

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd31524

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh45472

Even if not related, I'd recommend installing the latest ISE 3.2 patch 7, there has been a lot bug fixes. Or upgrading to the recommended release, 3.3 patch 4.