Hi Shiva,

PAN will take the feed from cisco.com/perfigo.com , you need to allow tcp/443 for posture updates & tcp/8443 for profiling feeds in your firewall.

Otherwise you can configure a proxy server under Administration->System->Settings->Proxy which will take feed through proxy server

you can refer this document for all ports related queries: https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/install_guide/b_ise_InstallationGuide23/b_ise_InstallationGuide23_chapter_0110.pdf

Hope that answers your query!

Thanks,

Aravind

Hi Aravind, thanks for your reply.

I know that the diagram mentions that it is PAN but there are no details of profiler/posture feed in ports used by PAN or PSN. That is where it confuses.

I am waiting for response from Cisco. I see no one replies often for these questions, waiting for answers.

Thanks.

Sorry for the typo.

I know that the diagram mentions that it is PAN but there are no details of profiler/posture feed in ports used by PAN or PSN in the tables mentioned in ISE Port Reference PDF. I am talking about the tables of ports used by Admin, PSN, MNT mentioned in the ISE port reference pdf where there is no mention of profiler/posture feed updates. That is where it confuses.

I have done enough research before posting this one and only waiting for response from Cisco.

Thanks

Aravind is correct that the primary ISE node initiates the out bound connections to the profiler feed server on its HTTPS on TCP 8443.

Aravind is correct that the primary ISE node initiates the out bound connections to the profiler feed server on its HTTPS on TCP 8443.