This document is for Cisco Engineers, McAfee Engineers, partners and customers deploying McAfee Data Exchange Layer (DXL) Broker 4.0 and McAfee ePolicy Orchestrator (ePO 5.9) with Cisco Platform Exchange Grid (pxGrid) using Cisco Identity Services Engine (ISE 2.3).
This document illustrates the steps required to configure the following use cases:
- An Eicar Virus is detected on the endpoint, and McAfee ePO generates an automated response in which the McAfee DXL broker triggers an ISE pxGrid Adaptive Network Control (ANC) mitigation action, quarantining the endpoint in ISE.
This is a basic use case and illustrates the integration between the McAfee DXL broker and the Cisco ISE pxGrid node.
- The McAfee DXL broker Python client receives ISE ANC “quarantined policy” notifications through Cisco pxGrid, and McAfee ePO assigns a policy tag of “quarantined” to the endpoint when a violation of the ISE ANC policy occurs. Once this endpoint has been tagged by McAfee ePO, McAfee ePO can take manual action as defined by the McAfee ePO admin.
This use case is more advanced and is optional.
- The endpoint does not have the McAfee agent installed; ISE posture will detect this and deem the endpoint non-compliant. A remediation link will be provided to the end user via ePO to download and install the application. Once ISE detects that the McAfee ePO is installed, the endpoint is compliant and is granted full network access.
This use case is more advanced and is optional.
- An employee-owned laptop goes through the organization’s on-boarding process to satisfy the organization’s BYOD initiative. The ePO admin can then install on the endpoint centrally, or manually by the end user.