giovanni.augusto
Beginner

ISE and Firepower Identity : update interval for Active Directory and other identity sources

Hi Everyone,

I know that ISE can provide user-to-IP mappings to FMC and, based on that, user access control can be enforced (and with rapid threat containment as well).

What I would like to know is how often the user-to-IP mappings are updated. I used to run some tests with the Firesight AD agent and I recall there was a regular interval to update the mappings, and that was not feasible for our production environment. Does using ISE make it real-time since it uses WMI, or is it still bound to scheduled updates?

Thank you

Accepted Solutions
Mohammed al Baqari
VIP Advisor

With ISE it uses pxGrid, which is based on XMPP subscription. FMC will
subscribe to ISE pxGrid and after that it will be a push from ISE to FMC
instead of a poll from FMC to ISE. This means that you don't have a regular
interval-based sync. Instead, it's based on changes detected by ISE, which
will be notified to FMC.

*** Remember to rate useful posts

Mohammed is correct. It uses pxGrid for Adaptive Network Control to take action. FMC consumes session directory and TrustSec metadata to gather user, IP, SGT information, etc.
Essentially it uses pxGrid 1.0 based on XMPP and rest as mentioned above.
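
The difference between interval polling and the push subscription described in the answers above, as a constructed model (an added example, not Cisco code and not from the posters). The event times, user names, IP addresses and polling intervals are assumptions, and push delivery latency is ignored.

```python
# Constructed model (not Cisco code): interval polling versus push-on-change
# delivery of user-to-IP mappings. Times, names and intervals are assumptions.

# (time_s, ip, user) session changes as the identity source sees them;
# user None means the session ended. Constructed sample data.
EVENTS = [
    (10, "10.0.0.5", "alice"),
    (130, "10.0.0.5", None),    # alice logs off
    (140, "10.0.0.5", "bob"),   # same IP is handed to bob
    (400, "10.0.0.9", "carol"),
    (610, "10.0.0.9", None),
]
HORIZON = 900  # seconds simulated


def truth_at(t):
    """Authoritative mapping table at second t."""
    table = {}
    for ts, ip, user in EVENTS:
        if ts <= t:
            if user is None:
                table.pop(ip, None)
            else:
                table[ip] = user
    return table


def exposure(sync_times):
    """Return (unmapped_s, misattributed_s) for a consumer that receives the
    current table only at sync_times. unmapped: a live session has no entry.
    misattributed: an entry names a user who no longer holds that IP."""
    syncs, view = set(sync_times), {}
    unmapped = misattributed = 0
    for t in range(HORIZON):
        truth = truth_at(t)
        if t in syncs:
            view = truth
        unmapped += any(ip not in view for ip in truth)
        misattributed += any(truth.get(ip) != u for ip, u in view.items())
    return unmapped, misattributed


def polled(interval):
    return exposure(range(0, HORIZON, interval))


def pushed():
    # Notification at every change; delivery latency is ignored here.
    return exposure(ts for ts, _, _ in EVENTS)
```

With the sample events, `polled(120)` returns `(190, 220)`: 220 seconds in which a policy keyed on the mapping would still attribute an IP to a user who has left it, against `(0, 0)` for `pushed()`.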
