Solved: PXGRID - granular filtering of topics shared to FMC Domains

jatinps · ‎10-02-2016

Hi - I am looking at an environment using FMC Domains feature for different groups/tenants. Each group writes their own policies within their assigned FMC domain to influnce their own virtual/physical FTD/FirePower instance. Now if they want to use an ISE PXGrid integration, two questions come up

1) Is the ISE PXGrid integration into FMC domain specific?

2) Is there a way to limit with a subscribed PXGrid topic so that only certain ISE groups/SGTs show up to specific FMC domains?

Thanks for any guidance or pointers to detailed docs!

Timothy Abbott · ‎10-03-2016

No, it is not domain specific. FMC doesn't rely upon ISE to get domain information as they have their own concept called Realms where they query AD directly. In my lab setup, FMC subscribes to ANC, Core, EndpointProfile, EPS, SessionDirectory, and TrustSecMetaData. Unfortunately, you can't limit data within a topic in ISE today.

Regards,

-Tim

View solution in original post

Timothy Abbott · ‎10-03-2016

No, it is not domain specific. FMC doesn't rely upon ISE to get domain information as they have their own concept called Realms where they query AD directly. In my lab setup, FMC subscribes to ANC, Core, EndpointProfile, EPS, SessionDirectory, and TrustSecMetaData. Unfortunately, you can't limit data within a topic in ISE today.

Regards,

-Tim