I know in previous versions there was an option to NOT allow users to turn off the CSA agent but allow them to modify the security level. In 18.104.22.1689 I was told by TAC that the only way to accomplish this is to remove (UI) user interaction. I feel I'm being mis-informed by TAC.
I'm not sure how much I can help, but we implemented in 5.0 so that only admins can turn the Agent "off". It required making separate Required System Modules for Administrators and Regular users.
Then again, the Agent Service Control rule type has two options for access: "Disable Agent" and "Change Local Agent Configuration". Simply don't check "local agent configuration" option and users will be able to modify their security level.
I have unchecked the option "local agent configuration" so that users cant modify their security level but it does not work. It must be a bug with the version i'm running. Guess this will have to wait until 5.0.
For all versions of the Email Security Appliance (ESA) and Security Management Appliance (SMA), some Secure Sockets Link (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before 2021-03-31 cannot b...
Automation and programmability for networking and security are increasingly important topics. Every release since ISE 1.2 has included new REST API capabilities to better automate and integrate ISE with the rest of your network, appli...
The latest iteration (v2.3.4) of the Cisco Secure Firewall Migration Tool adds public beta support for S2S VPN migrations from ASA:
Policy-based (crypto map) Pre-Shared key authentication type VPN configuration to Firepower Management Center
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.
We make improvement...
This document presents the ISE data limiting best practices that can dramatically improve the system performance on ISE.
Your deployment may be impacted if the alarms tab on ISE shows High load average, high CPU or high memoy usage alarm...