ISE 2.0 New Features

Started by deanwebb, January 08, 2016, 07:35:11 PM

deanwebb

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/release_notes/ise20_rn.html

TACACS: ISE now does TACACS, but requires the Device Administration license as a separate add-on license. One license will cover your deployment.

More 3rd Party Device Support: Aruba, HP, Brocade... well... the last two won't support posturing.

TrustSec Dashboard - lots of TrustSec tools, actually. Now includes automatic SGT creation.

Location Based Authorization - Ties in with MSE to define zones a person is allowed to access the network in.

More LDAP/AD support: added Boolean Attribute data to be used in policies.

Supports EAP-TTLS. That's better than EAP-TLS.

KVM Hypervisor support.

It now sends telemetry data to Cisco.  ??? OK, you can opt out of it, but it's supposed to help Cisco improve the product and its services.

Certificate stuff - a provisioning portal, template extension, internal CA, certs for ASA VPN users

GUI-based upgrade program

IronPort tunnel for advanced troubleshooting... Cisco uses the tunnel to connect to ISE in your deployment when they need to troubleshoot it. Again, ???, but again, this can be an opt-out and TAC can't log in without your involvement.

MDM enhancements - including support for Meraki!

Guest, Profiler, and Posture enhancements

FIPS support.  :rofl: Please, folks, don't use FIPS unless you absolutely have to and you have the order from the general himself - in writing - to turn that stuff on.

Support for IPv6

***

And, there's now new licensing stuff! From the page:

Licenses apply to wireless and VPN only, or Wired only for LAN deployments. It is supplied in different packages as Base, Plus, Plus AC, Apex, Apex AC, Device Administration, Mobility, and Mobility Upgrade.

:zomgwtfbbq:

And I thought ISE licensing was tricky back with 1.2...  wow...

I use ForeScout CounterACT for my firm's NAC solution, but I do like to keep up on developments in the field. Hope this helps.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Otanx

Why the hate for FIPS? Am I missing something?

-Otanx

deanwebb

Well, for starters, it's quite a lot more security than most firms need. Diminishing returns and all that.