This document is intended for Cisco engineers and customers who are interested in deploying Cisco Firepower Management Center (FMC) 6.0 with Cisco Identity Services Engine (ISE 2.0 or higher) using Platform Exchange Grid (pxGrid).
Note: As of Cisco Firepower 6.7, pxGrid 2.0 is supported. It is recommended to use at least ISE 2.4 (please check with Cisco Software on the latest recommended release). There is no updated guide on the configuration as of this time; please reach out to the Firepower team.
Please note that pxGrid remediation is not supported in Cisco Firepower Management Center (FMC) 6.0.
Cisco Firepower Management Center (FMC) 6.0 can now enforce an organization's security policy based on ISE session attribute information available through pxGrid. These security policies can be applied to and enforced by the Cisco Firepower managed NGIPS sensors and/or an ASA with Firepower services. The ASA with Firepower services can also manage these policies locally via ASDM.
This document provides the details of configuring Cisco Firepower Management Center (FMC) 6.0 and pxGrid integration with ISE in an ISE stand-alone environment using either self-signed certificates or Certificate Authority (CA)-signed certificates.
In this document, an ASA with Firepower services will be configured with the ASA Firepower (sfr) module and registered with Cisco Firepower Management Center (FMC) 6.0 to use the centrally managed Cisco Firepower Management Center policy. The ASA with Firepower services will also be configured on-box with the Firepower intrusion policy and access control rule, independent of the FMC.
The Cisco Firepower Management Center managed security policy and the ASA on-box Firepower Management policy will each consist of an intrusion policy and an Employee SGT access control rule for denying access to specific web categories.