Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7759
Views
1
Helpful
8
Replies

ISE Integration with Umbrella

Go to solution
robinwhi
Cisco Employee
Cisco Employee

‎10-19-2017 02:13 AM

Hello

I am interested to know if ISE can be used to control policy within Umbrella. Umbrella can hold profiles for different user groups for, say, corporate and guest users. If a guest user connects via a WLC can ISE provide the profile details to Umbrella so that their DNS access is limited to a subsection of URL destinations?

Thanks

Rob

2 people had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to robinwhi

‎10-19-2017 04:08 AM

I am not aware of this integration or what group you’re referring to

The best way for this to work is for umbrella to be able to consume pxgrid information for a scalable group tag to use in its policy

Please reach out to Umbrella team to work with ISE team

I am currently checking with our product managers

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎10-19-2017 03:51 AM

No current integration that I know of but will double check

please reach out to umbrella team for this enhancement

0 Helpful

Go to solution
robinwhi
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎10-19-2017 03:56 AM

Looks like Umbrella relies on the WLC providing the group information to it, so that it confirms which profile a user is in, but I guess ISE can not populate this on the WLC?

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to robinwhi

‎10-19-2017 04:08 AM

I am not aware of this integration or what group you’re referring to

The best way for this to work is for umbrella to be able to consume pxgrid information for a scalable group tag to use in its policy

Please reach out to Umbrella team to work with ISE team

I am currently checking with our product managers

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎10-19-2017 01:07 PM

I also reached out to our PM enoy to see if something like this exists.

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to Jason Kunst

‎10-20-2017 08:56 AM

We are working with Umbrella team but nothing which can be discussed at this time in public forum.  We do work indirectly today via RADIUS and pxGrid.  For example, users can be authorized to WLC and WLC integrate role assignments to Umbrella.  Similarly, ISR can receive Passive/Active identity via pxGrid and communicate that for Umbrella integration.

Craig

Go to solution
r_wideman
Level 4
Level 4
In response to Craig Hyps

‎08-27-2018 12:02 PM

Craig, Do you have any updates for this?  I do have ISE and WLC (8.5) and would like to see deeper integration.

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to r_wideman

‎08-29-2018 07:53 PM

I would suggest to check out materials such as Cisco Umbrella WLAN Integration Guide - Cisco

0 Helpful

Go to solution
riwakefi
Level 1
Level 1
In response to Craig Hyps

‎08-06-2019 07:50 PM

The Radius and WLC route seems to only work if you're pointing users to the cloud DNS IP addresses 208.67.220.220 & 208.67.222.222, or forcing them to the cloud IPs using FORCED mode. Most of my customers are going the local Umbrella VA route and there doesn't appear to be a way to "tell" the WLC that the local VAs the users are hitting are actually Umbrella servers. We're still testing this, but not looking good so far...

 

https://docs.umbrella.com/deployment-umbrella/docs/6-local-dns-forwarding

 

0 Helpful
Customers Also Viewed These Support Documents