07-28-2017 01:48 AM - edited 03-10-2019 06:53 AM
Hi, does anyone know if specific ports are required to be opened when using pxGrid on the FMC to communicate with Cisco ISE?
Thanks in advance.
07-28-2017 02:12 AM
Hello Peter,
Refer to the following link for the further information that you requested.
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200240-ISE-and-FirePower-integration-remediat.html
We need just 443 I believe.
Regards
Jetsy
08-07-2017 05:11 AM
Hi Jetsy, thanks for the information. Can anyone else confirm or point me to a document that actually lists the ports that need to be opened between the FMCs and the Cisco ISE? I'm having no luck finding this information.
Thanks in advance.
08-07-2017 06:46 AM
Hello Peter
Here is one more link that may help you.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/installation_guide/b_ise_InstallationGuide20/Cisco_SNS_3400_Series_Appliance_Ports_Reference.html#reference_676169B0F59A4C24A71197224741B067
Regards
Jetsy
08-07-2017 06:54 AM
Hi Jetsy, yes I saw that document. However, that looks to me to be for communication between the ISE nodes themselves and not between the FMC and ISE.
Best regards,
Pete.
08-08-2017 09:42 AM
I can't find a reference that says "pxGrid uses tcp/443" but the whole setup is based on using SSL certificates to secure the communications between publisher and subscriber (ISE and FMC respectively in this case).
See
https://communities.cisco.com/docs/DOC-68284
08-21-2017 03:12 PM
As Jetsy pointed out, TCP/443 from FMC to ISE will be enough. Make sure to use Firepower 6.2.0.2 and minimum ISE 2.2 Patch 2... I have encountered a few bugs with Firepower pxGrid integration and would not recommend starting with lower versions.