06-04-2020 07:39 AM
We are working to implement the pxGrid integration between ISE and Firepower. If SGTs and user groups are imported from ISE and used in an ACP, what happens to that policy on the Firepower device if the FMC goes down? Please provide documentation describing the result if possible.
06-04-2020 12:55 PM - edited 06-04-2020 12:57 PM
I could not find a document to prove what you requested. However, I have tested this in my lab. pxGrid is configured between ISE and FMC. Once the FMC learned the SXP information from ISE pxGrid, I pushed my policy to the FTD. Then later I powered off my FMC. As expected, the FTD learns its policy from the FMC, therefore the policy remains intact in the FTD local database. Prior to powering off my FMC I took a Snipping Tool capture of my result. I set a rule that Employees ping to Google must be denied, and the employee SGT number is 4.
Now the FMC is powered off. If you jump/log in to the FTD and give the command show access-control-config
06-04-2020 01:44 PM
Ah! Great. I don't think there is documentation so hopefully this will help others with the same question. The FTD does maintain policy with ISE attributes once it has been pushed, even if the FMC fails.
06-04-2020 03:33 PM
Yes, that is correct. This is what I tested, and I posted my results. Hope it will help you.