Procedure for changing ISE information

k.adath2015 · ‎07-06-2015

Hi ,

1) Is there any procedure needed to be followed to change ISE appliance ip address and name ?

2 ) What are the best practices to be followed when ISE behind a firewall (is it a security based approach or creating a bottleneck ?

(access layer ----->distribution------ >core --->firewall -->servers ---ISE)

3 ) Is there any concern keeping ISE at access layer (before the firewall )

(access layer -----ISE connected in distribution----distribution------ >core --->firewall -->servers)

Thanks

nspasov · ‎07-10-2015

For #1:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_dis_deploy.html#pgfId-1259138

For #2:

Placing ISE servers behind firewalls is fine as long as all of the appropriate ports and protocols are allowed to traverse the FW:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html

For #3:

ISE is an application installed on the top of a hardened Linux OS based appliance. As a result, the appliance is very secure and hard to compromise. With that being said, it would be e potential target since it holds the "keys to your castle" so placing it behind a FW is not a bad idea

I hope this helps! (The docs/links are for v1.2 so if you are running on a different version just look up the same guides)

Thank you for rating helpful posts!

Thank you for rating helpful posts!