This document is for intended for Cisco engineers and customers who are interested in deploying FireSIGHT Management Center (5.4) with Cisco Identity Service Engine (ISE 1.3 or higher) using (platform exchange Grid) pxGrid’s Adaptive Network Control (ANC) mitigation actions to take action on the endpoint. Please note that this is for FireSIGHT Management Center 5.4 only and not for FireSIGHT Management Center 6.0.
This document provides details on the configuration of FireSIGHT Management Center using ISE in a stand-alone environment using self-signed certificates and also using Certificate Authority (CA)-signed certificates with pxGrid enabled. The pxGrid remediation module, pxGrid agent installation and configuration details are covered. The pxGrid remediation module provides the pxGrid ANC mitigation features: quarantine, portbounce, portshut, reauthenticate, terminate and unquarantine. The pxGrid agent provides the certificate information and ISE pxGrid node connection information between the FireSIGHT Management Center and the ISE pxGrid node. Correlation policies, rules, remediation types are defined for each ANC mitigation action type.
The reader should have some familiarity with the FireSIGHT Management Center and the Identity Service Engine (ISE) access control system. It is assumed that FireSIGHT Management Center 5.4 and a standalone ISE 1.3 or ISE 1.4 environment is installed. FireSIGHT Management Center 5.4 was also tested on ISE 2.0.
The following software versions were used for the testing of this document:
FireSIGHT Management Center 5.4
FireSIGHT Appliance Virtual Sensor 5.4
Cisco Identity Services Engine ISE 1.3 and ISE 1.4
FireSIGHT pxGrid remediation module 1.0
FireSIGHT pxGrid Agent 1.0
Microsoft CA 2008 R2 Enterprise
For configuring ISE pxGrid in a Distributed ISE environment, please see the link in the References section. Also included are links to How-To Deployment guides using CA-signed certificates and self-signed certificates using a MAC as a pxGrid client as reference.
Hello to anyone who stumbles across this post, and thanks for any insight in advance. I was wondering if there was anyway to run default fx-os commands (like show version, show blocks, show cpu, show memory, show snort statistics) while in expert mod...
Hello,we are using 802.1x to authenticate our Clients.As a fallback and for foreign devices we are using MAB.Now we often met the issue, that also MAB is not working.The authentication session does not start at all and there is no MAC Address visible.As s...
I haven't applied a classic license in the Cisco FMC before but I'll need to install a new one as we have one of our license that will be expiring in 3 months. When I install the new Classic license which is for url, does it update the existing license or...