TCP/UDP ports allowed across firewall between ISE nodes

cciesec2011
Level 3

I have 2 ISE nodes version 2.6 patch 2. ISE1 is the primary admin/MnT and PSN node that is behind a firewall interface. ISE2 is the secondary admin/MnT node that is behind another firewall interface. What TCP/UDP ports must be allowed across the firewall for the ISE nodes to communicate with each other effectively?

TIA.

6 Replies

Hi,

Here is the port reference for ISE.

HTH

Do you have first-hand experience on specific ports and protocols?

What is your specific question or concern?  The reference lays out all of the communication requirements for the various node types and features.


@Colby LeMaire wrote:

What is your specific question or concern?  The reference lays out all of the communication requirements for the various node types and features.


Because the documentation is either wrong or incomplete for version 2.6 patch 2.  I opened a TAC case with Cisco and even the TAC engineer is not very clear on the ports and protocols that have to be opened on the firewalls for it to work properly.  The TAC engineer told me one thing and I am seeing something else.

If you have packet captures showing that the documentation is incomplete or wrong, then provide that to TAC and have them open a documentation bug.  Or post your information here to the community so the folks in the BU can review and verify.

Please do provide us with what's wrong so we may update. If there is a TAC case, provide that so we can follow up. I would ask that they open a defect.