Cisco Cisco Web Security Appliance S660 Guida Utente
8-4
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 8 Integrate the Cisco Identity Services Engine
Connect to the Identity Services Engine Service
Connect to the Identity Services Engine Service
Caution
This release of AsyncOS does not support Connector mode; however, when operating in
Connector mode, ISE-specific options remain visible and apparently available. However, do
not attempt to use the ISE features.
Connector mode, ISE-specific options remain visible and apparently available. However, do
not attempt to use the ISE features.
Before You Begin
•
Be sure the ISE server is configured appropriately for WSA access; see
•
Obtain ISE server connection information.
•
Obtain valid ISE-related certificates (client, Portal and pxGrid) and keys. See also
for related information.
Step 1
Choose Network > Identification Service Engine.
Step 2
Click Edit Settings.
Step 3
Check Enable ISE Service.
Step 4
Identify the ISE Server using its host name or IPv4 address.
Step 5
Provide a WSA Client Certificate for WSA-ISE server mutual authentication:
Note
This must be a CA trusted-root certificate. See
for related
information.
•
Use Uploaded Certificate and Key
For both the certificate and the key, click Choose and browse to the respective file.
If the Key is Encrypted, check this box.
Click Upload Files. (See
for
additional information about this option.)
•
Use Generated Certificate and Key
Click Generate New Certificate and Key. (See
for additional information about this option.)
Step 6
Download the WSA Client Certificate, save it, and then upload it to the ISE server host (Administration
> Certificates > Trusted Certificates > Import on the specified server).
> Certificates > Trusted Certificates > Import on the specified server).
Step 7
Provide an ISE Admin Certificate for use in bulk download of ISE user-profile data to the WSA.
Browse to and select the certificate file, and then click Upload Files. See
for additional information.
Step 8
Provide an ISE pxGrid Certificate for WSA-ISE data subscription (on-going queries to the ISE server).
Browse to and select the certificate file, and then click Upload Files. See
for additional information.