Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2379
Views
15
Helpful
5
Replies

Can FMC integrate to more than one ISE deployment ?

Go to solution
Arne Bier
VIP
VIP

‎11-12-2020 05:47 PM

Hello

 

Just checking whether it would be possible to have the FMC integrated to another standalone ISE node (acting as its own  PAN/MnT/pxGrid)

 

I think the answer is 'no' since I had a look on my own FMC and even though I can specify two pxGrid nodes, I assumed that both of those pxGrid nodes would have to be in the same ISE deployment (cluster/ISEcube).

 

While on that subject, for SD-Access purposes, is there ever any direct FTD integration with ISE/pxGrid, or is this always handled by FMC<->ISE integration? 

 

regards

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎11-12-2020 06:25 PM

All FMC versions can integrate with single PxGrid deployment. Having that
said, with FMC pre-6.7 the answer is no cuz they use pxGridv1. However with
the introduction of PxGrid v2 in FMC, you can have single integration with
one ISE deployment. Additionally, you can run python scripts on FMC for
additional subscribers to other ISE nodes using PxGridv2.

Here are some sample scripts on how to use PxGrid Python Subscribers.

https://github.com/cisco-pxgrid/pxgrid-rest-ws/tree/master/python

***** please remember to rate useful posts

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Arne Bier

‎11-15-2020 04:09 AM

@Arne Bier 

If your FTD is not managed by FMC, then you can add an ISE identity source directly from the on-box Firepower Device Manager.

If the FTD is managed by CDO, it will be aware of an ISE integration added from FDM (but we cannot currently configure the integration directly from CDO).

View solution in original post

5 Replies 5

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎11-12-2020 06:25 PM

All FMC versions can integrate with single PxGrid deployment. Having that
said, with FMC pre-6.7 the answer is no cuz they use pxGridv1. However with
the introduction of PxGrid v2 in FMC, you can have single integration with
one ISE deployment. Additionally, you can run python scripts on FMC for
additional subscribers to other ISE nodes using PxGridv2.

Here are some sample scripts on how to use PxGrid Python Subscribers.

https://github.com/cisco-pxgrid/pxgrid-rest-ws/tree/master/python

***** please remember to rate useful posts

Go to solution
Arne Bier
VIP
VIP
In response to Mohammed al Baqari

‎11-12-2020 06:54 PM

oh last question @Mohammed al Baqari  - is there a direct integration between FTD and ISE ? Or is it only ever FMC and ISE?

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to Arne Bier

‎11-12-2020 11:46 PM

You can run any machine as PxGrid client. I did this on Mac and CentOS. I
don't know if the level of permissions on FTD expert mode with sudo allows
that. Give it a try. As long as you have the permissions and python
installed you should be fine

***** please remember to rate useful posts
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Arne Bier

‎11-15-2020 04:09 AM

@Arne Bier 

If your FTD is not managed by FMC, then you can add an ISE identity source directly from the on-box Firepower Device Manager.

If the FTD is managed by CDO, it will be aware of an ISE integration added from FDM (but we cannot currently configure the integration directly from CDO).

Go to solution
khalid_mahmood
Level 4
Level 4
In response to Mohammed al Baqari

‎06-10-2022 04:34 AM

Mohammad, can you manually add multiple ISE deployment via PXGrid v2 or is that only possible using phython script?

 

Thx Khalid

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card