Cisco Cisco Web Security Appliance S690 User Guide
AsyncOS 10.0 for Cisco Web Security Appliances User Guide
Chapter 8 Integrate the Cisco Identity Services Engine
Tasks for Certifying and Integrating the ISE Service
Step 3: On the ISE server, add ISE Admin and pxGrid certificates.

• Navigate to the Administration > Certificates page, and generate or upload ISE Admin and pxGrid certificates:
  – For CA-signed certificates, generate two Certificate Signing Requests, one each for Admin and pxGrid Usage, and then have the certificates signed.
    Upon receipt of the signed certificates, upload both to the ISE server.
    Perform the “Bind the CA Signed Certificate” operation for both.
    Be sure to add the CA root certificate to the ISE server’s Trusted Certificates store.
    Restart the ISE server.
  – For self-signed certificates, navigate to Administration > Certificates > System Certificates, and generate two Self Signed Certificates, one each for Admin and pxGrid. (You can also elect to generate one common certificate for both.)
    Add both to the Trusted Certificates store.
    Export the self-signed certificate(s) for import onto the WSA.

Note: Ensure the appropriate self-signed or CA root certificates for these ISE Admin and pxGrid certificates are added to the Trusted Certificates store, as discussed in

Step 4: Ensure the ISE server is configured appropriately for WSA access.

Each ISE server must be configured to allow identity topic subscribers (such as WSA) to obtain session context in real-time. The basic steps are:
• Ensure “Enable Auto Registration” is turned ON (Administration > pxGrid Services > Top Right).
• Delete all existing WSA clients from the ISE server (Administration > pxGrid Services > Clients).
• Be sure the ISE server footer (Administration > pxGrid Services) says “Connected to pxGrid.”
• Configure SGT groups on ISE server (Policy > Results > TrustSec > Security Groups).
• Configure policies that associate the SGT groups with users.
Refer to
more information.