10-02-2016 11:37 PM
Hi - I am looking at an environment using FMC Domains feature for different groups/tenants. Each group writes their own policies within their assigned FMC domain to influnce their own virtual/physical FTD/FirePower instance. Now if they want to use an ISE PXGrid integration, two questions come up
1) Is the ISE PXGrid integration into FMC domain specific?
2) Is there a way to limit with a subscribed PXGrid topic so that only certain ISE groups/SGTs show up to specific FMC domains?
Thanks for any guidance or pointers to detailed docs!
Solved! Go to Solution.
10-03-2016 07:40 AM
No, it is not domain specific. FMC doesn't rely upon ISE to get domain information as they have their own concept called Realms where they query AD directly. In my lab setup, FMC subscribes to ANC, Core, EndpointProfile, EPS, SessionDirectory, and TrustSecMetaData. Unfortunately, you can't limit data within a topic in ISE today.
Regards,
-Tim
10-03-2016 07:40 AM
No, it is not domain specific. FMC doesn't rely upon ISE to get domain information as they have their own concept called Realms where they query AD directly. In my lab setup, FMC subscribes to ANC, Core, EndpointProfile, EPS, SessionDirectory, and TrustSecMetaData. Unfortunately, you can't limit data within a topic in ISE today.
Regards,
-Tim
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide