Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2364
Views
10
Helpful
3
Replies

ISE Anomalous Endpoint Detection and Enforcement Licenses

Go to solution
reynaldolopeza
Level 1
Level 1

‎05-20-2021 09:34 AM - edited ‎05-20-2021 09:35 AM

Hi Community,

 

Here is the deal,

 

We want enable Anomalous Endpoint Detection and Enforcement Features of ISE server. Do we need to have Plus licenses to enable mentioned features? I think for Anomalous endpoint enforcement we would need Plus licenses, because we would need to configure an authorization policy for that, but am not really sure and I didn't find any information on the community or elsewhere about this.

 

Thank you in advanced.

 

Regards,

Reynaldo Lopez

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎05-21-2021 04:34 AM

So just to be sure, ISE license count would increase every time an endpoint hits the authz Policy "EndPoints·AnomalousBehaviour EQUALS True"?

-Yes.

We have Base licenses for 2500 endpoints, but if above behaviour is true, we could be fine with just 100 Plus license for anomalous behaviour Endpoints?

-Depends on your requirements.  Technically when a plus license feature is consumed it is a 1:1 ratio and will consume base+plus licenses.  In live logs under license types you see the following:

Base and Plus license consumed

To reiterate: One Plus feature license is required for each endpoint that is actively authenticated to the network and where profiling data is used to make an Authorization Policy decision.

View solution in original post

3 Replies 3

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎05-20-2021 09:53 AM

Do we need to have Plus licenses to enable mentioned features?

-Yes since you would be utilizing profiling data to make an authorization policy decision.

Example authz condition: EndPoints·AnomalousBehaviour EQUALS True

 

Not sure of your ISE version, but strongly suggest referencing the following for additional resources:

ISE Profiling Design Guide - Cisco Community

Cisco ISE 2.7 Admin Guide: Licensing - Cisco

Products - ISE 3.0 License Migration Guide - Cisco

Go to solution
reynaldolopeza
Level 1
Level 1
In response to Mike.Cifelli

‎05-20-2021 12:39 PM

Hi Mike,

 

Thank you for your quick reply and additional resources.

 

So just to be sure, ISE license count would increase every time an endpoint hits the authz Policy "EndPoints·AnomalousBehaviour EQUALS True"?

 

We have Base licenses for 2500 endpoints, but if above behaviour is true, we could be fine with just 100 Plus license for anomalous behaviour Endpoints?

 

Kind regards,

Reynaldo

 

Kind regards,

Reynaldo

 

0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎05-21-2021 04:34 AM

So just to be sure, ISE license count would increase every time an endpoint hits the authz Policy "EndPoints·AnomalousBehaviour EQUALS True"?

-Yes.

We have Base licenses for 2500 endpoints, but if above behaviour is true, we could be fine with just 100 Plus license for anomalous behaviour Endpoints?

-Depends on your requirements.  Technically when a plus license feature is consumed it is a 1:1 ratio and will consume base+plus licenses.  In live logs under license types you see the following:

Base and Plus license consumed

To reiterate: One Plus feature license is required for each endpoint that is actively authenticated to the network and where profiling data is used to make an Authorization Policy decision.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents