01-04-2023 08:51 AM - edited 01-04-2023 08:52 AM
I am in the process of migrating from v2.4 to v3.1 and during this process, a new device type was introduced to our network that only supports TLSv1.0. On the new v3.1 ISE server, I have disabled TLSv1.0 and TLSv1.1 in the security settings. The devices are currently working on our v2.4 server because all TLS version are enabled.
My question - If I enable TLSv1.0 on my v3.1 ISE server, is there a way to restrict authentication to all devices to TLSv1.2 except if it is this specific device? I am browsing the RADIUS attributes but unable to find anything relevant.
Any suggestions is appreciated.
Solved! Go to Solution.
01-04-2023 12:48 PM
Hi @Walker , unfortunately as per the current versions of ISE , such feature is not possible . If you go to the menu displayed below (Administration>system>settings>security settings) and enable/disable TLS versions, this is a configuration global that is implemented in all the nodes within your deployment and there is no way to restrict what you suggest by rules . What it will be ideal is that you update that device you mention using TLS 1.0 towards one of the newest versions .
Let me know if that helped you .
01-04-2023 12:48 PM
Hi @Walker , unfortunately as per the current versions of ISE , such feature is not possible . If you go to the menu displayed below (Administration>system>settings>security settings) and enable/disable TLS versions, this is a configuration global that is implemented in all the nodes within your deployment and there is no way to restrict what you suggest by rules . What it will be ideal is that you update that device you mention using TLS 1.0 towards one of the newest versions .
Let me know if that helped you .
01-05-2023 05:12 AM
@Rodrigo Diaz Thanks for confirmation. We have already pressed the vendor to update to TLSv1.2 but I suspect that won't happen anytime soon.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide