Re: ISE Profiler and applying only the downloaded OUI Package...

rezaalikhani · ‎09-04-2024

Hi all;

We see in the ISE 2.7 release notes, the following statement:

If you have customized your profiler conditions and do not want the profiler feed to replace those conditions, you can manually download OUI updates without downloading the policy updates.

Now my question is that how is it possible updating profiler feed replace an "administrator-created" or "administrator-modified" profiling policy?

Thanks

ahollifield · ‎09-05-2024

It's not. I read this as if/when you use provided conditions nested with administrator custom profiling policies.

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/bulletin-c25-2943876.html

Arne Bier · ‎09-09-2024

Profiler Feed update will never update your administrator-created profiles. The administrator-modified profiles won't be updated either, because that is the case when a cisco-created profile is modified. This puts an update lock on that profile, which can be bad news. E.g. if you modify the Cisco provided Windows-Workstation, then it will prevent downloading updates for future versions of Windows that rely on that profile. I had a customer who modified a bunch of Cisco profiles and that killed the update process. The solution was to delete all the admin-modified profiles - when you do that, ISE will replace that profile with the original cisco-provided profile.

Not sure if that helps.

rezaalikhani · ‎09-09-2024

So, we can conclude that the mentioned Cisco's document is not correct. Right?

Arne Bier · ‎09-10-2024

What the documentation is saying, is that you can (or could ... since I have failed and now given up trying) download two separate files from ise.cisco.com/partner (or whatever the URL is/was) - one contains only the MAC OUI prefix mappings. And the other file contains the MAC OUI prefix mappings AND the Profiler Policy updates.

Document doesn't say what should/might happen to the administrator-* profiles.