01-18-2019 07:58 PM - edited 02-20-2020 09:45 PM
Hi, with the new version of ISE 2.4, I would like to ask the community if you have any docs for TrustSec Pre-Requisite / Checklist. I would like to know how TrustSec would fit in a network with no ASA; I have only Palo as my FW. Would I still be able to implement Cisco TrustSec even without an ASA? I currently have ISE in my network doing the guest and BYOD wireless auth. Just thought somebody in my same situation.
Thanks!
01-18-2019 10:05 PM
Without a TrustSec-capable device (such as an ASA firewall) at the boundary of your network (or TrustSec domain) you won't be able to as easily fully segment your network using TrustSec SGTs.
You can use them internally and then apply some less capable (but possibly adequate) policies at your Palo Alto Networks edge firewall. It's easiest to do that if your SGT-protected resources correspond to well-defined subnets. That way you can protect them with L3 ACLs on the edge and SGTs internally.
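Whether SGT-protected resources "correspond to well-defined subnets" can be checked before any edge ACLs are written. The sketch below is an added example, not part of the original thread and not Cisco or Palo Alto tooling; the binding list, tag names and the /24 boundary are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of IP-to-SGT bindings (addresses and tag names are hypothetical).
BINDINGS = [
    ("10.10.20.11", "PCI_Servers"),
    ("10.10.20.12", "PCI_Servers"),
    ("10.10.20.40", "PCI_Servers"),
    ("10.10.30.5", "HR_Apps"),
    ("10.10.30.6", "HR_Apps"),
    ("10.10.30.77", "Printers"),  # shares 10.10.30.0/24 with HR_Apps
    ("10.10.40.9", "Printers"),
]

def subnet_alignment(bindings, prefixlen=24):
    """Return (clean, mixed).
    clean: {sgt: [subnets that contain only that SGT]}
    mixed: {subnet: [SGTs sharing it]}, which an L3 ACL cannot tell apart."""
    tags_in = defaultdict(set)
    for ip, sgt in bindings:
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        tags_in[net].add(sgt)
    clean, mixed = defaultdict(list), {}
    for net in sorted(tags_in):
        tags = tags_in[net]
        if len(tags) == 1:
            clean[next(iter(tags))].append(str(net))
        else:
            mixed[str(net)] = sorted(tags)
    return dict(clean), mixed

def expressible_sgts(bindings, prefixlen=24):
    """SGTs whose every member sits in a single-tag subnet, so a subnet-based
    ACL on a non-TrustSec edge firewall covers the same set of hosts."""
    clean, mixed = subnet_alignment(bindings, prefixlen)
    in_mixed = {sgt for tags in mixed.values() for sgt in tags}
    return {sgt: nets for sgt, nets in clean.items() if sgt not in in_mixed}

if __name__ == "__main__":
    clean, mixed = subnet_alignment(BINDINGS)
    for sgt, nets in expressible_sgts(BINDINGS).items():
        print(f"{sgt}: subnet ACL possible on {', '.join(nets)}")
    for net, tags in mixed.items():
        print(f"{net}: shared by {', '.join(tags)}; re-address or keep SGT-only enforcement")
```

Tags that land in a shared subnet are the ones where an edge L3 ACL would be broader or narrower than the internal SGT policy.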
01-19-2019 12:33 AM