I am unable to manually assign ANC policies to hosts in the Secure Network Analytics Host Report section. When I inspect a specific host and try to assign one at the Host Summary Pane, I am receiving this error:
We encountered an error from one or more ISE clusters while retrieving ANC policy information for the host
PFCU_ISE - Session request failed. Please try again or contact technical support if the problem persists.
Select the ANC Policy to apply to ISE cluster for this host: XXX.XXX.XX.XX
Session request failed. Please try again or contact technical support if the problem persists.
Has anyone encountered this issue and have they been able to solve it? I am currently using version :7.4.0 at build: 20210915.1752-1eb7bcbb6a85-1
I've been having a long standing issue with SNA-ISE integration. In my case it's the session subscription (i.e., username-IP address mapping). I'm also running SNA 7.4.0 with the latest rollup patch. My ISE is 3.1 Patch 1. Other pxGrid subscribers (Cisco Secure Firewall Management Center) are consuming the data from ISE just fine.
I've had a TAC case open for several months now without resolution. The latest status is that it is being escalated to engineering.
Hi Good Morning Marvin,
I've been able to solve the issue I had previously listed, by upgrading to the latest suggested version of the Secure Network Analytics system. This is 7.4.1 from my older 7.4.0 version, for both the Management Center and the Flow Collector that I have in my deployment. This upgrade could fix the issues with username to IP address mapping, that doesn't show up in host reports.