Cisco Web Security Appliance S690 User Guide

AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 8
Integrate the Cisco Identity Services Engine 
Overview of the Identity Services Engine Service
Cisco’s Identity Services Engine (ISE) is an application that runs on separate servers in your network to 
provide enhanced identity management. AsyncOS can access user-identity information from an ISE 
version 1.3 server. If configured, user names and associated Secure Group Tags will be obtained from 
the Identity Services Engine for appropriately configured Identification Profiles, to allow transparent 
user identification in policies configured to use those profiles.
Caution
This release of AsyncOS does not support Connector mode; however, when operating in 
Connector mode, ISE-specific options remain visible and apparently available. Do not 
attempt to use the ISE features.
Identity Services Engine Certificates 
Note
This section describes the certificates necessary for ISE connection. 
, provides general certificate-management information for AsyncOS.
The following certificates are required for mutual authentication and secure communication between the Web 
Security appliance and the ISE server:
WSA Client Certificate – Used by the ISE server to authenticate the Web Security appliance.
ISE Admin Certificate – Used by the Web Security appliance to authenticate the ISE server on port 443 for bulk download of ISE user-profile data.
ISE pxGrid Certificate – Used by the Web Security appliance to authenticate the ISE server on port 5222 for WSA-ISE data subscription (ongoing publish/subscribe queries to the ISE server).