Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
20205
Views
1
Helpful
5
Replies

Restarting ISE application server

Go to solution
russell.sage
Level 1
Level 1

‎06-22-2021 10:51 PM

Hi

Other than preventing access to the administration web page what other impact does restarting the application server have?

Does it take out all web services? by that I mean users portals.

I went to disable the TLS 1.0 and TLS1.1 in security settings and got a warning that Application server would restart on all nodes.

Not a problem other than I did not call this out in the change and my customer has a very strict change policy.

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcelo Morais
VIP
VIP
In response to russell.sage

‎06-23-2021 05:36 AM

Hi @russell.sage ,

 please compare the following command:

ise/admin# show ports

before and after the:

ise/admin# application stop ise

 you are able to verify a huge difference when you stop the Application Server.

 

Hope this helps !!!

View solution in original post

5 Replies 5

Go to solution
Karsten Iwen
VIP
VIP

‎06-22-2021 11:06 PM

The application server handles most of the basic functionality. While restarting, this node will be not available for a couple of minutes. It's a good test that will show that your redundancy concept is working. 

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎06-22-2021 11:06 PM - edited ‎06-22-2021 11:06 PM

I would recommend starting here in the Administration node high availability section. There is a table that indicates which services will be unavailable while the node is down. I would treat this as a node down impact.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_deployment.html#ID57

 

If your node also hosts other roles, then you should look at those sections too. If your PAN node also hosts the PSN role, then you will not have endpoint authentication during the application restart. 

0 Helpful

Go to solution
russell.sage
Level 1
Level 1
In response to Damien Miller

‎06-22-2021 11:13 PM

Hi
Thanks for this. I had checked the 2.6 Admin guide. The Application Server process runs all 6 nodes 2*PAN+2*MnT+2*PSN. I was looking to disable Security settings following a Rapid7 scan. If I have to call out an outage that is fine I just didn't do that so had to abort the change.
What I can't seem to find is what functions other than the Admin GUI are impacted by the application server process restarting.
[cid:image001.png@01D767FF.3064E900]

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to russell.sage

‎06-23-2021 05:36 AM

Hi @russell.sage ,

 please compare the following command:

ise/admin# show ports

before and after the:

ise/admin# application stop ise

 you are able to verify a huge difference when you stop the Application Server.

 

Hope this helps !!!

Go to solution
russell.sage
Level 1
Level 1
In response to Marcelo Morais

‎06-23-2021 06:12 AM

Marcelo

 

Thanks for that.

0 Helpful
Customers Also Viewed These Support Documents