Hi Everyone,

I am having some issues with a new solution i am trying to get working. In this specific case i need an FMC  to do pxgrid integration with ISE, to get SGT information for my access policy rules. The thing is a expected pxgrid to inform the FMC about changes to a session, such as if a session is re-authenticated and gets a new SGT, FMC should be updated, this does not seem to happen, only when i issue a CoA Disconnect or just disconnect the device and wait for the session to timeout then reconnect does this happen, this unfortunetale is not an option in this scenario.

I am wondering if this is an ISE bug, or maybe some kind of corner case? Seems odd that pxgrid wouldnt update the session subscribers, when a session is given a different authorizatiopn profile after re-authentication.

adi debugging on the FMC, also only shows anything happening when i Coa Disconnect, and not with CoA Reuathentication, i also have connected a pxgrid script based on the pxgrid Java SDK to the ISE, and it also doesn't receive any update for the session unless a CoA Disconnect is issued.

ISE : 2.3 Patch2 (also tested with 2.1 patch2)

FMC/FTD : 6.2.2.1

Regards,

Jan