I'm working on upgrading our ISE deployment from 2.7 to 3.2. We currently have a 4-node production deployment of ISE 2.7 - (2) PAN/MNT nodes and (2) PSNs. I've already installed ISE 3.2 onto new VMs and am at the point where I would like to restore t...
I noticed that a change I made to a DACL about 2 weeks prior had not been applied to the port that a printer was connected to. I had to manually clear the auth session before the change was applied to the port. This DACL change will need to be applie...
I'm in the process of configuring a new VPN appliance and have the following set up so far:FMC managing FTD 2110 (both running 7.0.1)One connection profile using SAML authentication + MFA via Microsoft Authenticator appThis is currently working and i...
Our ISE deployment consists of (4) nodes - (2) PANs and (2) PSNs - and only 1/4 can access the repository where the Log4J patch file is currently located.I’ve recreated the repository via the ISE Admin console and the config deployed to all (4) of th...
I'm attempting to upgrade our Cisco Firepower 2110 appliance to FTD v7.0.1 (we're currently running FTD 6.4.0.9) When I run the Readiness Check, it fails and points me to a log that has the following message: Tailing /ngfw/var/log/sf/Cisco_FTD_SSP_FP...
Thank you for the reply, @marce1000. Below is the amount of free space that the 3.2 node has for each partition:Where would ISE attempt to copy the file to when the restore process is initiated? If it's the temp folder, then it has insufficient space...
Thanks for the response @Rob Ingram. I set a reauth timer on the authorization profile that's used for printers in our environment, but that did not work. Several printers that I checked only show the old dACL. The only way that I've been able to get...
Thank you for the reply, @Milos_Jovanovic . For the first group, in which you are using only SAML and Azure integration, should work out of the box, as soon as you input credentials. Whether you are requesting some additional conditions to be complet...
I appreciate the response, @Arne Bier . I've issued the command on each of the nodes. I received confirmation that the host key fingerprint was added and that it was opperating in CiscoSSL FIPS mode. Here's a debug from the one that's working:ISESERV...
