03-15-2023 05:13 AM
I was told by TAC engineer that tools.cisco.com is replaced by smartreceiver.cisco.com in ISE 3.1 patch-5. Furthermore, I need to whitelist the following FQDNs on the firewalls in order for ISE smart licensing to work properly:
- https://smartreceiver.cisco.com
Does it mean that I can remove whitelisting tools.cisco.com, tools1,cisco.com, tools2.cisco.com and tools3.cisco.com from the firewalls? Furthermore, anyone has the documentation where I can look this up?
Thoughts?
Solved! Go to Solution.
03-15-2023 07:47 AM
@adamscottmaster2013 it's correct your statement , smartreceiver.cisco.com is going to be used in ISE newer releases, refer to this https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/install_guide/b_ise_InstallationGuide31/b_ise_InstallationGuide31_chapter_7.html
Rate and comment if that helped you.
03-15-2023 07:47 AM
@adamscottmaster2013 it's correct your statement , smartreceiver.cisco.com is going to be used in ISE newer releases, refer to this https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/install_guide/b_ise_InstallationGuide31/b_ise_InstallationGuide31_chapter_7.html
Rate and comment if that helped you.
03-15-2023 01:32 PM
@Rodrigo Diaz: Is it safe for me to remove tools, tools1, tools2, tools3.cisco.com from the whitelisting?
03-15-2023 02:39 PM
if you are in the patch 5 for 3.1 , yes
03-15-2023 05:27 PM
@Rodrigo Diaz: I found it not to be true at all. I rebooted the ISE 3.1 patch-5 multiple times and I am still seeing it attempt to connect with tools.cisco.com or tools1.cisco.com (tools.cisco.com is an alias of tools1.cisco.com). I confirm it with tcpdump on the Cisco ISE itself.
Thoughts?
03-16-2023 11:42 AM
I did one test myself with one ISE 3.1 p5 and the http traffic goes to smartreceiver.cisco.com at port 443 if you are seeing that please work with TAC to address it .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide