cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

274
Views
5
Helpful
3
Replies
Highlighted

Watchguard Firebox integrate with ISE (Radius)

Hi everyone,

 

I'm looking for info about how to integrate vpn users of Watchguard Firebox to ISE, i tried to find out documentation about it but nothing relevant.

 

anyone could you help me?

 

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

Re: Watchguard Firebox integrate with ISE (Radius)

Hi

I believe you want to authenticate your users against ISE and that’s it?
If so, there’s nothing much to do. Your Watchguard has to be declared as a simple NAD and ISE with a standard policy-set (as if it was any other device like Cisco).
Is it what you’re looking for? If not, can you please detail the integration you’re looking for. I don’t think watchguard has any more possible integration but you can look at Cisco ise 3rd party compatibility matrix or ask watchguard directly.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

3 REPLIES 3
Highlighted
VIP Advisor

Re: Watchguard Firebox integrate with ISE (Radius)

Hi

I believe you want to authenticate your users against ISE and that’s it?
If so, there’s nothing much to do. Your Watchguard has to be declared as a simple NAD and ISE with a standard policy-set (as if it was any other device like Cisco).
Is it what you’re looking for? If not, can you please detail the integration you’re looking for. I don’t think watchguard has any more possible integration but you can look at Cisco ise 3rd party compatibility matrix or ask watchguard directly.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Highlighted

Re: Watchguard Firebox integrate with ISE (Radius)

Hi Francesco,

 

Thank you for you help, at least now the watchguard vpn client (Firebox) is authenticating on ISE, this is my first step, but now i want to make a posture assessment (i need to implemente compliance measures), i don't now if that is possible or only available for anyconnect?

 

Thanks in advance.

 

Regards.

Patricio

Highlighted
VIP Advisor

Re: Watchguard Firebox integrate with ISE (Radius)

For posture over VPN you'll need to have anyconnect and so a Cisco firewall. On this client, you will need to deploy the posture module.
Another solution I like more is to use a software like Rapid7, Tenable,.. you can integrate to ise and right after an authentication, ISE will trigger a scan of the machine to get a cvss score (could be with or without an agent installed on the machine). Based on this score you can trigger a push of acl, deny access... but this will be possible if your whatchguard supports any radius attribute like that.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question