
Updating ISE Smart License Connection Method option

franjean47
Level 1

Good day everyone 

I just want confirmation on the following:

The ISE deployment has already been registered to the CSSM portal and is currently configured to use the HTTPS Proxy option. The proxy server that was used for this configuration has been removed from the environment and now we need to update the configuration to use the Direct HTTPS option. The deployment is not currently able to reach the portal due to the configuration that still needs to be updated. The License status of the deployment is still showing as In Compliance even though it is not currently able to synchronize to the CSSM portal.

1. Can we select the Direct HTTPS option and update the registration without entering the Registration Token again or must the Registration Token be re-entered? 

2. What is the time period before the deployment will go Out of Compliance and Administration rights are suspended on the PAN?

3. Will the deployment go Out of Compliance if the Registration with Direct HTTPS fails?

Any guidance on the above would be greatly appreciated.





  


marce1000
Hall of Fame

 

  - For 1) I would assume that it is not needed to enter the Registration Token again, but that is not authoritative from my side:
I would have a go with it; in case of issues look at https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/222337-integrate-ise-with-smart-licensing-serve.html#toc-hId-936966481

   For 2) and 3) read through this paragraph (completely): https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/m_Licensing30.html#id_24694

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Arne Bier
VIP

You will need a new token because of the mode change in ISE - you are changing the mode from "proxy" to "direct" - the http requests are completely different and therefore you must de-register ISE, which puts you in 90 Day eval mode. I say 90 days, but depending on how many days of eval you have already used in the past, your eval timer will start counting down again.

Then get a token from software.cisco.com (Smart Licensing Portal) and select "direct" in ISE. Assuming ISE can reach the required URL (I can't recall which one ISE looks for - I did a tcpdump recently in ISE 3.3 and it will show you the DNS requests)

Once the 90 day eval runs out, you will land in the licensing walled garden page until licensing is fixed up.