cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

625
Views
0
Helpful
1
Replies
Highlighted
Beginner

Unquarantine Endpoint in ISE

Team,

I have integrated Firepower with ISE using PXGRID. I have certain rules in Firepower and if endpoint hits the rule it will send quarantine action to ISE for that endpoint. ISE is quarantining the endpoint and denying all the access. I am using ISE 2.0 version.

I have following questions:

1. Is there any way to unquarantine the endpoint automatically?

2. where I can see all the quarantine mac-addresses in ISE? Other-than reports

Thanks,

Neelesh Marathe

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Unquarantine Endpoint in ISE

Hey Neelesh,

You can setup an Unquarantine Correlation in Firepower to trigger unquarantine actions : How To: Rapid Threat Containment (RTC) with Cisco FireSIGHT and ISE

This is an older doc than Firepower, but the policies and configurations are the same.

Reports are the only way to see the endpoints.

Thanks,

John

jeppich@cisco.com

View solution in original post

1 REPLY 1
Highlighted
Cisco Employee

Re: Unquarantine Endpoint in ISE

Hey Neelesh,

You can setup an Unquarantine Correlation in Firepower to trigger unquarantine actions : How To: Rapid Threat Containment (RTC) with Cisco FireSIGHT and ISE

This is an older doc than Firepower, but the policies and configurations are the same.

Reports are the only way to see the endpoints.

Thanks,

John

jeppich@cisco.com

View solution in original post