Configure Cisco ISE

Configure Guardian firewall integration with the Cisco ISE firewall.

Before you begin

Make sure that you have administrator privileges.

About this task

The integration between Guardian and Cisco ISE lets Cisco customers to extend network access controls and policy enforcement to their operational technology (OT) and Internet of Things (IoT) networks from the Cisco ISE. Guardian uses the pxGrid platform to integrate with Cisco ISE. Along with the client associated with the certificate and the certificate password, you need to upload the identity certificate and the private key. The preferred method of authenticating with the Cisco ISE is to use certificates. Guardian supports authentication with certificates issued by:

Procedure

  1. In the top navigation bar, select Administration icon - which looks like a gear cog
    The administration page opens.
  2. In the Settings section, select Firewall integration.
    The Firewall integration page opens.
  3. In the top right section, select +
    A dialog shows.
  4. From the Choose firewall dropdown, select Cisco ISE.
    A dialog shows.
  5. If it is not populated already, in the Host field, enter the host internet protocol (IP) address.
    Note:
    The host IP address is the IP address of the Cisco ISE firewall that you are configuring.
  6. In the Client name field, enter the name of the client.
    Note:
    The client name is taken from the Cisco ISE pxGrid Services screen on the Cisco ISE Web user interface (UI). For more details, see the appropriate Cisco ISE documentation.
  7. Optional: Authenticate with a Cisco ISE internal CA certificate. select Authenticate with certificate., then enter the password in the Password field.
    1. Select Authenticate with certificate.
    2. In the Password field, enter your password.
  8. Optional: Use a third-party certificate. check the Use third party certificate box, then import the certificate(s), using one of the following methods
    1. Select Use third party certificate.
    2. Choose a method to import the certificate:
    • Import the CA certificate
    • Import the certificate
    • Import the key
  9. If you chose, Import the CA certificate or Import the certificate, continue from step 10 . If you chose Import the key, continue from step 11.
  10. Import the certificate.
    1. Select Import the certificate.
      a dialog shows.
    2. Select the file and import it.
  11. Import the key.
    1. Select Import the key.
    2. Select the file and import it.
  12. Optional: If necessary, in the Options section, select Enable nodes blocking.
  13. Select Save.

Results

The firewall integration has been configured.