Networking-Forums.com

Professional Discussions => Security => Topic started by: deanwebb on January 08, 2016, 07:35:11 PM

Title: ISE 2.0 New Features
Post by: deanwebb on January 08, 2016, 07:35:11 PM
http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/release_notes/ise20_rn.html

TACACS: ISE now does TACACS, but requires the Device Administration license as a separate add-on license. One license will cover your deployment.

More 3rd Party Device Support: Aruba, HP, Brocade... well... the last two won't support posturing.

TrustSec Dashboard - lots of TrustSec tools, actually. Now includes automatic SGT creation.

Location Based Authorization - Ties in with MSE to define zones a person is allowed to access the network in.

More LDAP/AD support: added Boolean Attribute data to be used in policies.

Supports EAP-TTLS. That's better than EAP-TLS.

KVM Hypervisor support.

It now sends telemetry data to Cisco. ??? OK, you can opt out of it, but it's supposed to help Cisco improve the product and its services.

Certificate stuff - a provisioning portal, template extension, internal CA, certs for ASA VPN users

GUI-based upgrade program

IronPort tunnel for advanced troubleshooting... Cisco uses the tunnel to connect to ISE in your deployment when they need to troubleshoot it. Again, ???, but again, this can be an opt-out and TAC can't log in without your involvement.

MDM enhancements - including support for Meraki!

Guest, Profiler, and Posture enhancements

FIPS support. :rofl: Please, folks, don't use FIPS unless you absolutely have to and you have the order from the general himself - in writing - to turn that stuff on.

Support for IPv6

***

And, there's now new licensing stuff! From the page:

Licenses apply to wireless and VPN only, or Wired only for LAN deployments. It is supplied in different packages as Base, Plus, Plus AC, Apex, Apex AC, Device Administration, Mobility, and Mobility Upgrade.

:zomgwtfbbq:

And I thought ISE licensing was tricky back with 1.2... wow...

I use ForeScout CounterACT for my firm's NAC solution, but I do like to keep up on developments in the field. Hope this helps.

Title: Re: ISE 2.0 New Features
Post by: Otanx on January 10, 2016, 07:25:50 PM
Why the hate for FIPS? Am I missing something?

-Otanx

Title: Re: ISE 2.0 New Features
Post by: deanwebb on January 10, 2016, 09:03:25 PM
Well, for starters, it's quite a lot more security than most firms need. Diminishing returns and all that.