Before importing to a production ISE deployment, be sure you have read and understand the following conditions and caveats:
Before importing the profile library to a production ISE deployment, it is highly recommended that you first complete the following tasks:
Backup the ISE configuration database under Administration > System > Backup& Restore, or via CLI.
Optionally, export all current ISE profiles under Policy > Profiling > Profiling Policies > Export > Select All.
Restore current ISE configuration to a lab system and test the import of new profile library. Note resulting profile policy changes to current endpoints which may impact policy assignment in the production deployment.
This library contains approximately 9 new/updated profiles.
This library is based on Profiler Version 3 compatible updates which ensures that only ISE deployments running ISE 2.1 and above can import the library. This is due to the use of probes introduced in ISE 2.1 including the NMAP and AD probes.
Logical Profile creation: ISE does not currently support import or API update of logical profiles. Therefore, it is necessary to manually assign the new profiles to a new or existing logical profile. Each of the profiles do have descriptions which can aid in deciding how to logically group the profiles. Each profile can be a member of more than one logical profile. Logical profiles allow groups of devices to be distinguished in Context Visibility and facilitate the creation of policy rules based on logical groupings versus individual profiles.
This profile library uses the existing Workstation > Microsoft-Workstation profile hierarchy. There is a minor enhancement to the Windows8-Workstation profile. As such, Feed Service updates will not make changes to this profile. If wish to revert to original profile, this can be done by deleting the current version of profile and original Cisco-Provided profile will return in its place.
To install the Windows Embedded-IoT profile library:
Download the Cisco ISE Windows Embedded-IoT Profile library ZIP file
Unzip the ZIP file on your local computer to get the XML file.
In ISE, navigate to Work Centers > Profiler > Profiling Policies
Click Import ()
Choose the Windows Embedded-IoT XML file
Click on Submit.
Wait ~1 minute or less for the Windows Embedded-IoT endpoint profiles to be imported!
Once the endpoint profiles are imported, you may view the list of Windows Embedded-IoT devices by choosing Quick Filter and entering "Windows" under the Profiler Policy Name and "Administrator Created" or "Administrator Modified" under the System Type header. The filters should display the following new or modified profiles:
Hi All, Can some advise on the design strategy for large scale deployment. We are trying to deploy a 28-30 node deployment with individual nodes in DC and DR and some dedicated local PSNs as VM in critical sites so that local user authenti...
Hello,I have a question regarding HA setup within a LAN, in a scenario where there are 2 main buildings. I'm curious as to how this would be best achieved through either configuration or from a design standpoint. I have attached an image showing the setup...
Hi,Good day I was trying to set-up Cisco ESA C390 in one our data center but I'm having issues establishing connections to external and public mail servers. Below is the error when I tested SMTP ping via CLI: Starting SMTP test of host alt1.gmai...
Hi All I would like to know if the firepower 4100 setup in Active-Passive, so if the uplink switch in VSS, combine 2x 40G uplink to the Firepower pair. QuesionFirepower Active-Passive setup, what would the real time interface bandwidth would be ...