Cisco Cisco Web Security Appliance S660 Guida Utente

This release of AsyncOS does not support Connector mode; however, when operating in 
Connector mode, ISE-specific options remain visible and apparently available. However, do 
not attempt to use the ISE features.

Be sure the ISE server is configured appropriately for WSA access; see 

Obtain ISE server connection information.

Obtain valid ISE-related certificates (client, Portal and pxGrid) and keys. See also 

 for related information.

Choose Network > Identification Service Engine.

Click Edit Settings. 

Check Enable ISE Service.

Identify the ISE Server using its host name or IPv4 address.

Provide a WSA Client Certificate for WSA-ISE server mutual authentication:

This must be a CA trusted-root certificate. See 

 for related 

information.

For both the certificate and the key, click Choose and browse to the respective file.

If the Key is Encrypted, check this box.

Click Upload Files. (See 

 for 

additional information about this option.)

Click Generate New Certificate and Key. (See 

for additional information about this option.)

Download the WSA Client Certificate, save it, and then upload it to the ISE server host (Administration 
> Certificates > Trusted Certificates > Import on the specified server).  

Provide an ISE Admin Certificate for use in bulk download of ISE user-profile data to the WSA.

Browse to and select the certificate file, and then click Upload Files. See 

 for additional information.

Provide an ISE pxGrid Certificate for WSA-ISE data subscription (on-going queries to the ISE server).

Browse to and select the certificate file, and then click Upload Files. See 

 for additional information.