Cisco ISE 2.1 Live

Jay233 · ‎12-02-2016

Cisco ISE Live Update locations allow you to automatically download Supplicant Provisioning Wizard, Cisco NAC Agent for Windows and Mac OS X, AV/AS support (Compliance Module), and agent installer packages that support client provisioning and posture policy services. These live update portals should be configured in Cisco ISE upon initial deployment to retrieve the latest client provisioning and posture software directly from Cisco.com to the Cisco ISE appliance.

Hi All,

My question: What's the security impact on opening the Cisco ISE live update internet feature, I know this can be done manually if no internet is available but has anyone done any kind of security analysis on this ISE update feed service or how it actually works.

https://ise.cisco.com:8443/feedserver/feed/serverinfo?ISE_VERSION=2.1.0.474:

**Please ensure that the certificate store on ISE has a valid and enabled entry for either the root certificate or the intermediate certificate for the SSL server certificate chain of Cisco ISE feed server. **Please ensure that Proxy settings are configured if needed to reach Feed Server.

Thanks in advance for your reply.

nspasov · ‎12-07-2016

It is a secured connection so I personally don't have a problem with opening access for ISE for that service. With that said, I have had customers that did not feel comfortable exposing the ISE server to the Internet so they went with the manual process.

With that said, there are a couple of other services that can't be updated manually and do require Internet service. The first two that come to mind are:

- SMS Gateway

- Smart Call Home

I hope this helps!

Thank you for rating helpful posts!