05-02-2021 09:58 PM
Hi,
I have a few admin users who authenticate with TACACS on Cisco ISE. I want to monitor all the commands they issued on devices and which devices they access, for audit purposes. I am able to get the reports from Cisco switches for which users access what devices and executed which commands, but I don't get the details of which commands the user executed and which device they access in Cisco ISE for F5 LB, Palo Alto firewall, Windows Server, etc. Can anyone help? Thanks.
06-09-2022 05:30 AM
Hello sir,
Could you please share if you got an answer, because I am facing the same issue.
Best regards
04-17-2024 08:04 AM
Does anybody have a Network Device Profile for Palo Alto in ISE?
Our PA devices are authenticating fine w/ ISE via TACACS; however, network device profile = Cisco, which drives me nuts. I cannot find any documentation on how to build an NDP in ISE for Palo Alto.
Regards!
04-17-2024 08:15 AM
Go to Policy > Policy Elements > Dictionaries > Radius > RADIUS Vendors and add a new dictionary. You can call it Palo Alto and set the vendor ID to be 25461. Then create a new network device profile and associate the RADIUS dictionary attribute you created.
04-17-2024 09:23 AM - edited 04-17-2024 09:24 AM
"but i don't get the details of which commands the user executed and which device they access in cisco ISE for F5 LB , palo alto firewall, windows server, etc."
There are limitations on what you can do with "non" Cisco devices like Palo Alto or F5 devices. The best thing to do is to send PAN or F5 audit logs via syslog to either Elasticsearch or Splunk, and you can find them there. Much easier to do than using Cisco ISE.
My 2c.
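An added illustration of the syslog approach suggested in the last reply (not code from any poster in this thread): a Python sketch that extracts admin, device, and command from Palo Alto configuration-log syslog lines before they are indexed. The log lines are constructed, and the field positions are an assumption based on the default PAN-OS config-log CSV layout behind a BSD syslog header; check them against the syslog field reference for your PAN-OS version.

```python
import csv
import re

# Assumed layout: BSD syslog header, then the PAN-OS config-log CSV payload.
HEADER = re.compile(r"^<\d+>\w{3}\s+\d+ \d\d:\d\d:\d\d (?P<device>\S+) (?P<payload>.*)$")
# Assumed 0-based positions in the default config-log field order.
FIELDS = {"type": 3, "time": 6, "source": 7, "command": 9,
          "admin": 10, "client": 11, "result": 12, "path": 13}

# Constructed sample lines (not real logs): two config events, one traffic
# event that must be ignored, and one line that is not PAN-OS syslog at all.
SAMPLE = [
    '<14>Apr 17 09:24:10 pa-fw02 1,2024/04/17 09:24:10,007000000002,CONFIG,0,0,'
    '2024/04/17 09:24:10,10.0.0.9,,commit,bob,Web,Unauthorized,,,,102,0x0',
    '<14>Apr 17 09:23:01 pa-fw01 1,2024/04/17 09:23:01,007000000001,CONFIG,0,0,'
    '2024/04/17 09:23:01,10.0.0.5,,set,alice,CLI,Succeeded,'
    '"vsys vsys1 address web,dmz",,,101,0x0',
    '<14>Apr 17 09:23:05 pa-fw01 1,2024/04/17 09:23:05,007000000001,TRAFFIC,end,0,'
    '2024/04/17 09:23:05,10.0.0.5,192.0.2.10,,,allow-web,,,ssl,vsys1',
    'Apr 17 09:23:07 linux01 sshd[411]: session opened',
]

def parse_config_event(line):
    """Return one audit record for a CONFIG log line, or None for anything else."""
    m = HEADER.match(line)
    if not m:
        return None
    # csv.reader keeps quoted fields intact, so commas inside the path survive.
    row = next(csv.reader([m.group("payload")]), [])
    if len(row) <= max(FIELDS.values()) or row[FIELDS["type"]] != "CONFIG":
        return None
    event = {name: row[i] for name, i in FIELDS.items()}
    event["device"] = m.group("device")  # the firewall that emitted the log
    return event

def audit_trail(lines):
    """Collect config events, ordered by admin and then by generated time."""
    events = [e for e in map(parse_config_event, lines) if e]
    return sorted(events, key=lambda e: (e["admin"], e["time"]))

if __name__ == "__main__":
    for e in audit_trail(SAMPLE):
        print(e["time"], e["admin"], e["device"], e["command"], e["result"], e["path"])
```

Failed and Unauthorized results are kept in the trail on purpose, since rejected changes matter for an audit as much as successful ones.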