Howdy. I am trying to figure out the best option to install the ISE posture module for existing VPN AnyConnect users ONLY. Reading the docs and samples, all of them show installing the profile / pkg on ISE. But I feel that's more cumbersome especially ...
I am trying to make sure I got the right config. Looking at this: https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/netflow/config-trouble-netflow-stealth.pdf I was looking at the 9300 config and it shows that netflow is enabled both inboun...
With SDA/TRUSTSEC and ISE in the mix. Try to look at options. Let's say you have a SGT for headless devices - cameras, HVAC, badge readers etc. So are you saying that create a VLAN/subnet for each of them? So, then what do you put as the default VLAN...
I understand the default setting for AMP4E for servers is without DFC and in audit mode and SP and exploit prevention turned on. How does that provide protection against buffer overflows etc. targeted at the server? A lot of times servers are expose...
Hello. With ISE monitor mode and low impact mode, you can have an interface ACL on switch. When you switch to trustsec, how do you implement something like that? Is there a way to have an initial trustsec group for example for low impact mode to put the ...
Thx Mike. I have already tried in the past and am aware of the ISE config requirements. I am not sure if there are any recent enhancements. My feeling is that since posture agent required admin privileges etc., especially in the case of existing anyconne...
Thx Brian. I did find that document after I put my post, but it still doesn't answer all my questions and it doesn't talk about where to put FNF only and ETA. It does have some pointers. Mine is a very small deployment about 6 sites each with their...
Thanks for the comments Mike. It's useful. What I am saying is that let's say it's a brown field where a customer already had legacy network and multiple buildings, floors. Generally everything is lumped together in a single floor - printers, hvac, cameras, ...
Thx a lot Thursten. I presume you are at the yearly sales conference? How was it? I have been looking online on the portal and there is no protect for any server policies and the default it says for servers is audit, and I asked someone else, an...
Tagging on to this post. With SDA/TRUSTSEC and ISE in the mix. Try to look at options. Let's say you have a SGT for headless devices - cameras, HVAC, badge readers etc. So are you saying that create a VLAN/subnet for each of them? So, then what do y...