Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1594
Views
0
Helpful
1
Replies

Unquarantine Endpoint in ISE

Go to solution
meetneelesh79
Level 1
Level 1

‎03-23-2017 06:39 AM

Team,

I have integrated Firepower with ISE using PXGRID. I have certain rules in Firepower and if endpoint hits the rule it will send quarantine action to ISE for that endpoint. ISE is quarantining the endpoint and denying all the access. I am using ISE 2.0 version.

I have following questions:

1. Is there any way to unquarantine the endpoint automatically?

2. where I can see all the quarantine mac-addresses in ISE? Other-than reports

Thanks,

Neelesh Marathe

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jeppich
Cisco Employee
Cisco Employee

‎03-23-2017 08:38 AM

Hey Neelesh,

You can setup an Unquarantine Correlation in Firepower to trigger unquarantine actions : How To: Rapid Threat Containment (RTC) with Cisco FireSIGHT and ISE

This is an older doc than Firepower, but the policies and configurations are the same.

Reports are the only way to see the endpoints.

Thanks,

John

jeppich@cisco.com

View solution in original post

0 Helpful
1 Reply 1

Go to solution
jeppich
Cisco Employee
Cisco Employee

‎03-23-2017 08:38 AM

Hey Neelesh,

You can setup an Unquarantine Correlation in Firepower to trigger unquarantine actions : How To: Rapid Threat Containment (RTC) with Cisco FireSIGHT and ISE

This is an older doc than Firepower, but the policies and configurations are the same.

Reports are the only way to see the endpoints.

Thanks,

John

jeppich@cisco.com

0 Helpful
Customers Also Viewed These Support Documents