cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

601
Views
10
Helpful
3
Replies
reynaldolopeza
Beginner

ISE Anomalous Endpoint Detection and Enforcement Licenses

Hi Community,

 

Here is the deal,

 

We want enable Anomalous Endpoint Detection and Enforcement Features of ISE server. Do we need to have Plus licenses to enable mentioned features? I think for Anomalous endpoint enforcement we would need Plus licenses, because we would need to configure an authorization policy for that, but am not really sure and I didn't find any information on the community or elsewhere about this.

 

Thank you in advanced.

 

Regards,

Reynaldo Lopez

1 ACCEPTED SOLUTION

Accepted Solutions
Mike.Cifelli
VIP Advocate

So just to be sure, ISE license count would increase every time an endpoint hits the authz Policy "EndPoints·AnomalousBehaviour EQUALS True"?

-Yes.

We have Base licenses for 2500 endpoints, but if above behaviour is true, we could be fine with just 100 Plus license for anomalous behaviour Endpoints?

-Depends on your requirements.  Technically when a plus license feature is consumed it is a 1:1 ratio and will consume base+plus licenses.  In live logs under license types you see the following:

Base and Plus license consumed

To reiterate: One Plus feature license is required for each endpoint that is actively authenticated to the network and where profiling data is used to make an Authorization Policy decision.

View solution in original post

3 REPLIES 3
Mike.Cifelli
VIP Advocate

Do we need to have Plus licenses to enable mentioned features?

-Yes since you would be utilizing profiling data to make an authorization policy decision.

Example authz condition: EndPoints·AnomalousBehaviour EQUALS True

 

Not sure of your ISE version, but strongly suggest referencing the following for additional resources:

ISE Profiling Design Guide - Cisco Community

Cisco ISE 2.7 Admin Guide: Licensing - Cisco

Products - ISE 3.0 License Migration Guide - Cisco

Hi Mike,

 

Thank you for your quick reply and additional resources.

 

So just to be sure, ISE license count would increase every time an endpoint hits the authz Policy "EndPoints·AnomalousBehaviour EQUALS True"?

 

We have Base licenses for 2500 endpoints, but if above behaviour is true, we could be fine with just 100 Plus license for anomalous behaviour Endpoints?

 

Kind regards,

Reynaldo

 

Kind regards,

Reynaldo

 

Mike.Cifelli
VIP Advocate

So just to be sure, ISE license count would increase every time an endpoint hits the authz Policy "EndPoints·AnomalousBehaviour EQUALS True"?

-Yes.

We have Base licenses for 2500 endpoints, but if above behaviour is true, we could be fine with just 100 Plus license for anomalous behaviour Endpoints?

-Depends on your requirements.  Technically when a plus license feature is consumed it is a 1:1 ratio and will consume base+plus licenses.  In live logs under license types you see the following:

Base and Plus license consumed

To reiterate: One Plus feature license is required for each endpoint that is actively authenticated to the network and where profiling data is used to make an Authorization Policy decision.

View solution in original post

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel