
Auto Blacklist Endpoint in ISE

wafikmaher
Level 1

I was considering Rapid Threat Containment, by integrating ISE with Firepower. My understanding is that the quarantining action will apply to the current session. So if the user disconnects and connects again, it's a new session that will be processed normally. So is there a way to make this permanent, for example to add this endpoint (MAC) to the Blacklist identity group? But is there a way to automatically add an endpoint to the Blacklist group?

Note that I am not talking about BYOD, so my device portal is not an option.

2 Replies

Bogdan Nita
VIP Alumni

You should be able to use endpoint profiling.

"The profiling service identifies each endpoint on your network, and groups those endpoints according to their profiles to an existing endpoint identity group in the system, or to a new group that you can create in the system."
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_new_chapter_010101.pdf

 

HTH

Bogdan

Great idea, thanks.
If I can find the session:ANCPolicy and session:EPSStatus, that will work.
Also, I got an idea to use an authorization profile with redirection to a hotspot guest portal that puts the endpoints into an identity group. I will try to test both methods and update.