Cisco Cisco Web Security Appliance S170 Guía Del Usuario
8-6
AsyncOS 10.0 for Cisco Web Security Appliances User Guide
Chapter 8 Integrate the Cisco Identity Services Engine
Connect to the ISE Services
Connect to the ISE Services
Before You Begin
•
Be sure each ISE server is configured appropriately for WSA access; see
•
Obtain ISE server connection information.
•
Obtain valid ISE-related certificates (client, Portal and pxGrid) and keys. See also
for related information.
Step 1
Choose Network > Identification Service Engine.
Step 2
Click Edit Settings.
Step 3
Check Enable ISE Service.
Step 4
Identify the Primary ISE pxGrid Node using its host name or IPv4 address.
a.
Provide an ISE pxGrid Node Certificate for WSA-ISE data subscription (on-going queries to the
ISE server).
ISE server).
Browse to and select the certificate file, and then click Upload File. See
for additional information.
Step 5
If using a second ISE server for failover, identify the Secondary ISE pxGrid Node using its host name
or IPv4 address.
or IPv4 address.
a.
Provide the secondary ISE pxGrid Node Certificate.
Browse to and select the certificate file, and then click Upload File. See
for additional information.
Note
During failover from primary to secondary ISE servers, any user not in the existing ISE SGT
cache will be required to authenticate, or will be assigned Guest authorization, depending on
your WSA configuration. After ISE failover is complete, normal ISE authentication resumes.
cache will be required to authenticate, or will be assigned Guest authorization, depending on
your WSA configuration. After ISE failover is complete, normal ISE authentication resumes.
Step 6
Upload the ISE Monitoring Node Admin Certificates:
a.
Provide the Primary ISE Monitoring Node Admin Certificate for use in bulk download of ISE
user-profile data to the WSA.
user-profile data to the WSA.
Browse to and select the certificate file, and then click Upload File. See
for additional information.
b.
If using a second ISE server for failover, provide the Secondary ISE Monitoring Node
Admin Certificate.
Admin Certificate.
Step 7
Provide a WSA Client Certificate for WSA-ISE server mutual authentication:
Note
This must be a CA trusted-root certificate. See
for
related information.
•
Use Uploaded Certificate and Key
For both the certificate and the key, click Choose and browse to the respective file.
If the Key is Encrypted, check this box.