ISE/ISE-PIC Configuration Fields
The following fields are used to configure a connection to ISE/ISE-PIC.
- Primary and Secondary Host Name/IP Address
The hostname or IP address for the primary and, optionally, the secondary pxGrid ISE servers.
The ports used by the host names you specify must be reachable by both ISE and the management center.
- pxGrid Server CA
The trusted certificate authority for the pxGrid framework. If your deployment includes a primary and a secondary pxGrid node, the certificates for both nodes must be signed by the same certificate authority.
- MNT Server CA
The trusted certificate authority for the ISE certificate when performing bulk downloads. If your deployment includes a primary and a secondary MNT node, the certificates for both nodes must be signed by the same certificate authority.
- pxGrid Client Certificate
The internal certificate and key that the Secure Firewall Management Center must provide to ISE/ISE-PIC to connect to ISE/ISE-PIC or to perform bulk downloads.
Note: The pxGrid Client Certificate must include the clientAuth extended key usage value, or it must not include any extended key usage values.
- ISE Network Filter
An optional filter you can set to restrict the data that ISE reports to the Secure Firewall Management Center. If you provide a network filter, ISE reports data from the networks within that filter. You can specify a filter in the following ways:
  - Leave the field blank to specify any.
  - Enter a single IPv4 address block using CIDR notation.
  - Enter a list of IPv4 address blocks using CIDR notation, separated by commas.
Note: This version of the system does not support filtering using IPv6 addresses, regardless of your ISE version.
- Subscribe to:
- Session Directory Topic: Check this box to subscribe to user session information from the ISE server. Includes SGT and endpoint metadata.
- Proxy
You can optionally choose either a managed device or a proxy sequence to communicate with ISE/ISE-PIC if Security Cloud Control is unable to do so. For example, your Security Cloud Control might be in a public cloud but the ISE/ISE-PIC server might be on an internal intranet.
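A pre-check for the ISE Network Filter field described above, as an added example that is not part of the original page or of the product: it validates a candidate value against the documented forms (blank, one IPv4 CIDR block, or a comma-separated list) and rejects IPv6. The function names are hypothetical, and rejecting blocks with host bits set is an assumption of this example.

```python
import ipaddress


def parse_ise_network_filter(value):
    """Parse the filter field; an empty list means 'any' (blank field)."""
    if value is None or not value.strip():
        return []
    networks = []
    for raw in value.split(","):
        block = raw.strip()
        if not block:
            raise ValueError("empty entry in filter (stray comma)")
        if ":" in block:
            # The page states IPv6 filtering is not supported.
            raise ValueError(f"IPv6 block not supported: {block!r}")
        _, slash, prefix = block.partition("/")
        if not slash or not prefix.isdigit():
            raise ValueError(f"not CIDR notation: {block!r}")
        try:
            # Assumption of this example: host bits set (10.1.2.3/8) is
            # treated as a typo and rejected; the page does not say how
            # the product handles such input.
            networks.append(ipaddress.IPv4Network(block, strict=True))
        except ValueError as exc:
            raise ValueError(f"invalid IPv4 block {block!r}: {exc}") from None
    return networks


def in_filter_scope(address, networks):
    """True if an IPv4 address falls inside the filter (blank = any)."""
    ip = ipaddress.IPv4Address(address)
    return not networks or any(ip in net for net in networks)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for candidate in ["", "10.0.0.0/8, 192.168.1.0/24", "2001:db8::/32", "10.1.2.3/8"]:
        try:
            print(repr(candidate), "->", parse_ise_network_filter(candidate))
        except ValueError as err:
            print(repr(candidate), "-> rejected:", err)
```

Running `in_filter_scope` over the address ranges you expect identity data for shows whether a filter would leave any of them outside the reported set.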