Solved: Re: ISE External MDM Integration with JAMF

Shubham Bharti · ‎10-30-2018

Hi All,

We have successfully integrated JAMF as an External MDM Server to ISE. It is being used to Machine Authorize all MAC Wireless Clients.Now we are looking at a failure scenario. What happens if there is a connection failure between ISE and JAMF. Does ISE have a MAC address database that has been returned for clients who have returned Registered previously?

Jason Kunst · ‎10-30-2018

there is an attribute if MDM unavailable. you can assign a policy for this using unreachable state. there is no caching of the posture status for MDM
https://community.cisco.com/t5/security-documents/ise-network-access-attributes/ta-p/3616253#toc-hId--1978561407

you can also set a message when its unreachable via the MDM portal
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_010000.html#task_40AF816593F24EB68CD4AB65D2F4CBBF

View solution in original post

Jason Kunst · ‎10-30-2018

there is an attribute if MDM unavailable. you can assign a policy for this using unreachable state. there is no caching of the posture status for MDM
https://community.cisco.com/t5/security-documents/ise-network-access-attributes/ta-p/3616253#toc-hId--1978561407

you can also set a message when its unreachable via the MDM portal
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_010000.html#task_40AF816593F24EB68CD4AB65D2F4CBBF

Shubham Bharti · ‎10-30-2018

Thanks for the reply Jason!