12-12-2016 11:28 AM
I have some questions about the traffic flows for ISE and encryption.
Source : All ISE Nodes
Destination : All ISE Nodes
Port : TCP 12001
Purpose : ISE Configuration replication
Question : Is this over TLS?

Source : All ISE Nodes
Destination : All ISE Nodes
Port : TCP 7802
Purpose : ISE Configuration replication
Question : Is this over TLS?

Source : Admin&Mon
Destination : Admin&Mon
Port : TCP 1528
Purpose : Oracle DB (Secure JDBC)
Questions : Is this over TLS? Need to understand what "secure" means.
Accepted Solutions
12-12-2016 04:31 PM
JGroups communications over TCP/12001 (global JGroup channel) and TCP/7800 and 7802 (Local JGroup Cluster) all occur over TLS 1.2. Oracle communications over JDBC are also secured via TLS. All current (patched) versions of ISE should address current SSL vulnerabilities including the use of TLS to secure internode communications. Depending on the service, there are some options to deliberately allow weaker protocols and ciphers for backwards compatibility, for example TLS 1.0 or SHA-1 user, but default should be secure (disallow SSL).
/Craig
11-02-2018 08:27 AM
Hi,
Sorry to wake up an old thread, but which certs are used for the encryption? The certs imported as part of adding the nodes to the primary PAN?
If I wanted to use my own certs from a private CA, is there a guide for this?
Thanks!
11-03-2018 10:16 AM
The certificates designated with the usage "Admin".
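One way to check both answers above against your own deployment, as an added example that is not part of the thread and not Cisco code: it attempts a TLS handshake on each port named in the thread, records the negotiated version, and compares the presented certificate's SHA-256 fingerprint with that of the node's "Admin" certificate. The function names are hypothetical. It assumes the ports accept a direct TLS handshake from the probing host and that you supply the fingerprint yourself.

```python
import hashlib
import socket
import ssl
import sys

# Ports named in the thread. That each accepts a direct TLS handshake from an
# arbitrary client is an assumption, not something the thread states.
ISE_PORTS = {12001: "JGroups global channel", 7800: "JGroups local cluster",
             7802: "JGroups local cluster", 1528: "Oracle DB (secure JDBC)"}
ACCEPTED = {"TLSv1.2", "TLSv1.3"}  # assumption: "TLS 1.2 or later" passes


def probe(host, port, timeout=3.0):
    """Try a TLS handshake; status is 'tls', 'handshake_failed' or 'unreachable'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Verification is off on purpose: this records what the node presents
    # (possibly a private-CA certificate); it is not a trust decision.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"port": port, "status": "unreachable", "detail": str(exc)}
    try:
        with ctx.wrap_socket(raw) as tls:
            der = tls.getpeercert(binary_form=True)
            fp = hashlib.sha256(der).hexdigest() if der else None
            return {"port": port, "status": "tls", "version": tls.version(),
                    "cipher": tls.cipher()[0], "cert_sha256": fp}
    except (ssl.SSLError, OSError) as exc:
        return {"port": port, "status": "handshake_failed", "detail": str(exc)}
    finally:
        raw.close()


def evaluate(result, admin_cert_sha256=None):
    """True if TLS >= 1.2 was negotiated and, when given, the fingerprint matches."""
    if result["status"] != "tls" or result["version"] not in ACCEPTED:
        return False
    if admin_cert_sha256 is None:
        return True
    return result["cert_sha256"] == admin_cert_sha256.replace(":", "").lower()


if __name__ == "__main__":
    # usage: script.py <ise-node> [sha256 fingerprint of the node's Admin cert]
    host, expected = sys.argv[1], (sys.argv[2] if len(sys.argv) > 2 else None)
    for port, role in ISE_PORTS.items():
        res = probe(host, port)
        print(port, role, res, "OK" if evaluate(res, expected) else "REVIEW")
```

A `handshake_failed` result is not proof of cleartext: the listener may require a client certificate or only offer a protocol version the local OpenSSL build refuses.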
