This document is for Cisco engineers and customers who are planning to integrate Infoblox NIOS and Cisco Identity Service Engine (ISE) 2.1 using Cisco Platform Exchange Grid (pxGrid). Infoblox NIOS version 7.3.6 software was used for both the virtual Grid Master and Network Discovery (ND) member.
This document includes:
Configuring Infoblox and the ISE pxGrid node for both Self-signed and CA-signed certificates
Configuring the Infoblox Grid Master (GM) and Infoblox Network Discovery (ND) member
Configuring DHCP and DNS services on the Infoblox GM
Configuring Infoblox ISE Ecosystem parameters and connecting to the ISE pxGrid node
Creating Infoblox DHCP and IPAM notifications for publishing Dynamic Topic information
Creating Infoblox RPZ notifications to send blocked DNS responses to the ISE pxGrid
Creating ISE EPS Quarantine Authorization policy
Populating Infoblox IPAM table with pxGrid session information
Quarantining an endpoint due to an Infoblox RPZ violation
The reader will observe and become familiar with the ISE user session information that will populate the IPAM table for more contextual information around IP events. Additionally, a RPZ (Response Policy Zone) will be created for blocking www.yahoo.com , with the results the of the endpoint being quarantined.
Hi, We have detected a security "bug" in the Cisco ISE Guest Portal. When creating an account from the sponsor portal for a guest, sometimes, it includes in the email with the user data created, another user that has nothing to do with the crea...
Hi, is there a way we can change the stratum of Local (127.127.1.0) NTP? Currently our ntp is pointing to local because it has lower stratum although we configure another twO NTP server but it has higher stratum compared to local and we cant change i...
Kindly help to advise us on the policy migration case below:
Our customer is using CheckPoint with the Mgmt Server ver R80.20 and the Gateway ver R77.30
From those link below: https://supportcenter.checkpoint.com/supportcenter/portal?eve...
Hi, I found recommended SSL Cipher from link "https://community.cisco.com/t5/email-security/scan-revealed-weak-ssl-cipher/td-p/2805757" but the discussion is from 2016. Can I know what is the latest SSL Cipher recommended by Cisco for CIsco SMA and E...
Hi, I tried to update SMA cipher using cli (sslconfig) but not able to do it because SMA does not behave the same as ESA. I found from other discussion that for SMA, I need to change the configuration on the config file and then upload the confi...