
ISE and firewalls

david.tran
Level 4

I have a Primary ISE node (primary admin/monitoring/policy) sitting in network 192.168.1.0/24 and the Secondary ISE node (secondary admin/monitoring/policy) sitting in network 192.168.2.0/24. There is a firewall sitting between these two networks.

What TCP and UDP ports do I need to open on the firewalls so that these two nodes can communicate and sync with each other? I AM ONLY INTERESTED IN THE TRAFFIC BETWEEN THESE TWO NODES and not other traffic to elsewhere.

I've read through the documentation and it seems that I only need a couple of tcp and udp ports for this.

Any comments?

Thank you in advance.

david

4 Replies

Marcin Latosiewicz
Cisco Employee

David,

AFAIU minimum of TCP/443 and TCP/1521 (and ICMP for heartbeat).

http://www.cisco.com/en/US/partner/docs/security/ise/1.1/installation_guide/ise_app_e-ports.html

M.

mojuneja
Level 1

I would suggest you use any sniffer like Wireshark to look into the packet flow going on between those two nodes and analyze the traffic flow. Accordingly, open the required TCP and UDP ports on your firewall.
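
An added example, not part of the original thread: one way to turn a capture taken as suggested above into a candidate allow-list, by parsing `tcpdump -nn` text output and keeping only connections initiated between the two nodes. The host addresses, the sample lines and the `required_rules` helper are constructed for illustration; the sample reuses the ports named in the reply above and is not a real ISE capture.

```python
import re
from collections import defaultdict

# Assumed node addresses inside the two networks from the question (constructed).
NODES = {"192.168.1.10", "192.168.2.10"}

# Constructed `tcpdump -nn` text output; not captured from a real deployment.
SAMPLE = """\
12:00:01.000100 IP 192.168.1.10.51514 > 192.168.2.10.443: Flags [S], seq 100, win 29200, length 0
12:00:01.000300 IP 192.168.2.10.443 > 192.168.1.10.51514: Flags [S.], seq 900, ack 101, win 28960, length 0
12:00:01.000400 IP 192.168.1.10.51514 > 192.168.2.10.443: Flags [.], ack 901, win 229, length 0
12:00:02.000100 IP 192.168.2.10.40022 > 192.168.1.10.1521: Flags [S], seq 500, win 29200, length 0
12:00:03.000100 IP 192.168.1.10 > 192.168.2.10: ICMP echo request, id 7, seq 1, length 64
12:00:04.000100 IP 192.168.1.10.52000 > 10.0.0.53.53: Flags [S], seq 1, win 29200, length 0
"""

# src[.sport] > dst[.dport]: <decoded packet summary>
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)"
)


def required_rules(capture, nodes=NODES):
    """Return {(src, dst): ["tcp/443", ...]} for flows between the nodes only."""
    rules = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m or m["src"] not in nodes or m["dst"] not in nodes:
            continue  # traffic to or from any other host is out of scope
        rest = m["rest"]
        if rest.startswith("ICMP echo request"):
            rules[(m["src"], m["dst"])].add("icmp/echo")
        elif rest.startswith("Flags [S]"):
            # A bare SYN (no ACK) marks the initiator, so dport is the service;
            # replies from port 443 back to an ephemeral port are not a rule.
            rules[(m["src"], m["dst"])].add("tcp/" + m["dport"])
        # UDP has no handshake to show direction and is not handled here.
    return {pair: sorted(ports) for pair, ports in rules.items()}


if __name__ == "__main__":
    for (src, dst), ports in required_rules(SAMPLE).items():
        print(f"permit {src} -> {dst}: {', '.join(ports)}")
```

A capture only shows what happened while it was running, so compare the result against the port list in the installation guide linked above before writing the firewall rules.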