Download presentation
Presentation is loading. Please wait.
Published byΒενέδικτος Βαμβακάς Modified over 6 years ago
1
Stealthwatch 6.9 & ISE 2.2 Integration Instructions – draft 3
November 11, 2016
2
Step 1 – Download System Certificate from ISE
ISE PIC: Certificate > System Certificates Select the Certificate Issued by Certificate Services Endpoint Sub CA – ise-pic-4 and select Export Select Export Certificate Only A .pem file is downloaded to the system Note: You may need to unblock pop-up menus for the download
3
Step 2 – Generate PKCS12 Bundle Certificates on ISE / ISE-PIC
ISE: Work Centers > PassiveID > Subscribers > Certificates PIC: Subscribers > Certificates Select “Generate a single certificate (without a certificate signing request)” The Common Name will be used to name the exported file and used in the certificate. It is recommended that you add a SAN for the SMC’s IP address and FQDN Select PKCS12 format This password will be requested when uploading to the Stealthwatch SMC A .zip file will be created. Unzip this file to access the .p12 file. Note: You may need to unblock pop-up menus for the download
4
Step 3 – Navigate to Administer Appliance
Select the Administer Appliance Menu from the Global Settings icon. The Admin screen will appear in a separate tab of your browser
5
Step 4 – Upload the Certificate Authority Certificate
SW (Admin Appliance): Configuration > Certificate Authority Certificates Upload .pem file previously downloaded from ISE and select Add Certificate. The Cerfificate will then appear in the records displayed at the top of the screen.
6
Step 5 – Upload SSL Client Certificate in Stealthwatch
SW (Admin Appliance): Configuration > SSL Certificate IMPORTANT: Scroll to the Upload PCKS12 Bundle section to create a friendly name, add password and upload the .p12 file.
7
Step 6 – Complete ISE Configuration Setup
SW: Deploy > Cisco ISE Configuration The Cluster Name will be used to refer to the ISE Cluster in the Stealthwatch UI The Friendlsy name for the uploaded .p12 Certificate file will be available here A Primary pxGrid Node is required for the configuration. A secondary pxGrid Node can be added for High Availability The User Name will appear as the Subscriber’s Client Name in ISE. The connection can not be finalized until this Client is accepted on ISE Save the configuration to send the information necessary to create and accept the Subscriber in ISE.
8
Step 7 – Accept the Subscriber in ISE
ISE-PIC: Subscribers > Clients ISE: Administration > pxGrid Services Select the Subscriber’s Client name and select the “Approve” option
9
Step 8 – Refresh Config Page and Confirm Connectivity
SW: Deploy > Cisco ISE Configuration The connection status shows green when Stealthwatch and ISE are communicating. If yellow, hover over the status indicator for more information
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.