Cisco Cisco Web Security Appliance S680 Guía Del Usuario
8-5
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 8 Integrate the Cisco Identity Services Engine
Connect to the Identity Services Engine Service
Related Topics
•
•
•
Connect to the Identity Services Engine Service
Before You Begin
•
Be sure each ISE server is configured appropriately for WSA access; see
.
•
Obtain ISE server connection information.
•
Obtain valid ISE-related certificates (client, Portal and pxGrid) and keys. See also
for related information.
Step 1
Choose Network > Identification Service Engine.
Step 2
Click Edit Settings.
Step 3
Check Enable ISE Service.
Step 4
Identify the Primary ISE pxGrid Node using its host name or IPv4 address.
a.
Provide an ISE pxGrid Node Certificate for WSA-ISE data subscription (on-going queries to the
ISE server).
ISE server).
Browse to and select the certificate file, and then click Upload File. See
for additional information.
Step 5
If using a second ISE server for failover, identify the Secondary ISE pxGrid Node using its host name
or IPv4 address.
or IPv4 address.
a.
Provide the secondary ISE pxGrid Node Certificate.
Browse to and select the certificate file, and then click Upload File. See
for additional information.
Note
During failover from primary to secondary ISE servers, any user not in the existing ISE SGT
cache will be required to authenticate, or will be assigned Guest authorization, depending on
your WSA configuration. After ISE failover is complete, normal ISE authentication resumes.
cache will be required to authenticate, or will be assigned Guest authorization, depending on
your WSA configuration. After ISE failover is complete, normal ISE authentication resumes.
Step 6
Upload the ISE Monitoring Node Admin Certificates:
a.
Provide the Primary ISE Monitoring Node Admin Certificate for use in bulk download of ISE
user-profile data to the WSA.
user-profile data to the WSA.
Browse to and select the certificate file, and then click Upload File. See
for additional information.
b.
If using a second ISE server for failover, provide the Secondary ISE Monitoring Node
Admin Certificate.
Admin Certificate.