Dominic Zeni
Contributor

PXGrid 2.0 Capabilities

Hi!

Trying this question again here. The first time I was instructed to contact a Cisco employee offline (see below link), but I've been on hold for a while there, so wanted to put this back into the forum.

https://community.cisco.com/t5/identity-services-engine-ise/pxgrid-2-0-capabilities/td-p/3748344

The original inquiry (from the link above) is pasted below. Since then we have also found that we may be able to do this integration with a combination of syslog / External RESTful Services without using PXGrid. RADIUS Accounting syslog would be sent to Forescout when a new session is established, and Forescout would then run posture. If any enforcement action was needed resulting from the posture check, Forescout would use ERS to update an endpoint attribute, triggering CoA. Has anyone used this type of integration with a third-party endpoint security product before?

Seems like Juniper has some documentation around it: https://www.juniper.net/documentation/en_US/junos-space17.2/policy-enforcer/topics/task/configuration/junos-space-policy-enforcer-connectors-cisco-ise.html.

Original Inquiry:

I have a question regarding the capabilities of PXGrid 2.0 and whether or not they will be able to meet the requirements of an upcoming customer project, or if we will need to utilize PXGrid 1.0.

The customer has chosen to use Forescout as their endpoint posture compliance checking "engine" and ISE as the enforcement "engine". They will be installing ISE 2.4, so they have access to PXGrid 2.0 support, but it seems that PXGrid 2.0 initially lacks support for a few PXGrid services we will need.

Reference:

https://developer.cisco.com/docs/pxgrid/#!parity-chart-between-pgrid-1-0-and-pxgrid-2-0/support-legacy-pxgrid-clients

I believe Forescout will need access to EPS Quarantine and Session Subscribe to meet the integration requirements. Does Forescout need to use PXGrid 1.0 as the link above suggests? Or asked another way, is that link accurate for PXGrid 2.0 capabilities?

Any other comments/suggestions you may have around this scenario are greatly appreciated as well!

Thanks!

Dominic

2 REPLIES
hslai
Cisco Employee

Please use the info already publicly available. Thank you.

Hi hslai,

What info?

Thank you,

Dominic
