Solved: Re: ISE for access and Forescout for profiling

martucci · ‎07-10-2019

Hello,

I have a customer that went the Forescout way, but is not looking to move to ISE for Access (AuthC and authZ). But wold like to keep Forecout for profiling (not to have to throw it away completely).

Do we have anyone doing it, and what would be the best way to integrate them?

I am thinking API, the new pxGrid in that ISe has (but FW does not have), or maybe as external database.

Any real life experience?

thanks a lot

Jason Kunst · ‎07-10-2019

ISE is active authentication with dot1x mab, forescout using SNMP right (unless integrating with RADIUS). I would think theoretically you could have both in parallel. Forescout profiling and ISE doing active and profiling? compare the 2 on a test network? I wouldn't do that but guess its possible

View solution in original post

Timothy Abbott · ‎07-10-2019

Hi,

I'm not aware of any for that particular scenario. As I'm sure you are aware, ISE and CounterACT are completely different in term of approach to access control. If there is to be any integration, it would have to leverage APIs.

Regards,

-Tim

martucci · ‎07-11-2019

Thanks Tim, yes, I am aware of the different solution, I was just wondering if there was some way to make them talk, even with customer scrips, as I have heard of customers using both, so was interested to hear if they had fully parallel deployment not interacting, or maybe if they built some custom integrations.

Jason Kunst · ‎07-10-2019

ISE is active authentication with dot1x mab, forescout using SNMP right (unless integrating with RADIUS). I would think theoretically you could have both in parallel. Forescout profiling and ISE doing active and profiling? compare the 2 on a test network? I wouldn't do that but guess its possible