Lab Minutes Forum

Technical Discussion => Security => Topic started by: Mikep on April 25, 2016, 05:56:16 PM

Title: ISE integration with Firepower with pxGrid
Post by: Mikep on April 25, 2016, 05:56:16 PM
Hey MC,

I was curious if you have had a chance to lab this up yet? I just haven't had time and can't in prod.

Right now for wireless clients there is no AD log on/log off event so the CDA can't map user to IP for wireless users.  This is problematic with WSA and will be with out firepower when we upgrade our ASA's

I'm curious with pxGrid if ISE will be able to map wireless users to IP and have that context used in firepower? Or is it pretty much a glorified CDA and can only see AD events and use those?

Title: Re: ISE integration with Firepower with pxGrid
Post by: MC on April 25, 2016, 09:38:05 PM
ISE publish endpoint identity from two sources; RADIUS/802.1X and Identity mapping from AD (like CDA). If your users authenticates against ISE whether they are wired/wireless/VPN, ISE will send the user info into the pxGrid for other subscriber to consume. So yes, your WSA or FP should be able to see the username/IP.
SimplePortal 2.3.7 © 2008-2024, SimplePortal