Cisco Identity Services Engine (ISE) 3.2 Patch2 发布 - 思科身份服务引擎
Cisco Identity Services Engine (ISE) 3.2 Patch2 发布 - 思科身份服务引擎
请访问原文链接:https://sysin.org/blog/cisco-ise-3/,查看最新版。原创作品,转载请保留出处。
作者主页:sysin.org
工作场所零信任安全的核心所在
任何零信任策略的一个关键组成部分是确保所有人和所有设备所连接的办公环境的安全。思科身份服务引擎 (ISE) 支持动态和自动化的策略实施方法,可简化高度安全的网络访问控制服务的交付流程 (sysin)。ISE 支持软件定义接入,并自动化 IT 和 OT 环境中的网络分段。
最新动态
隆重推出 ISE 3.0
新增了部分创新内容以简化并加快安全保护进程:无需代理,即可提供可视性并保障合规性 (sysin);提供高度安全的从云端接入网络;以及提供具备引导式工作流程的新 UI。
消除网络分段的复杂性 (PDF)
请阅读 ESG 白皮书,了解设备识别和自动化方面的进展如何让分段更容易实现。
ISE 再次入围
ISE 被评为 2020 年 SC 奖“最佳 NAC 解决方案”的“值得信赖奖”下的最佳解决方案,这是其五年来第四次荣获此殊荣。
思科荣获全球 NAC 奖 (PDF)
网络访问控制 (NAC) 是基本的网络安全防御手段。了解思科为何能获得 Frost & Sullivan 颁布的“2020 年全球 NAC 市场领导奖”。
为什么要使用 ISE 来实现安全访问?
-
获得可视性、情景感知能力和可控性
了解正在连接终端和设备的用户、设备、位置以及连接方式。无论设备是否使用了代理,其都可以深入调查设备,以确保合规性并降低风险。
-
扩展零信任以遏制威胁
软件定义的网络分段可降低安全隐患,限制勒索软件的传播,并快速遏制威胁。
-
加速现有解决方案的价值转化之旅
与思科和第三方解决方案集成,在被动安全解决方案中引入主动保护功能,并提高投资回报率 (ROI)。
-
迈出安全访问的下一步
ISE 为 Cisco DNA Center 内的策略控制奠定了基础,是 SD-Access 的关键所在。
网络分段和可视性提供了可量化的 ROI
思科 ISE 提供简化的可扩展网络访问,有助于实现更强的安全态势。ISE 客户达成以下成果:
160 万美元
在三年内通过避免发生安全事件平均节省了 160 万美元
200 小时
修复重大网络安全事件所花费的时间平均减少了 200 小时
98%
实施网络更改的耗时平均缩短 98%
通向下一代安全网络访问解决方案的路径
通过提供满足当今数字化需求的功能,ISE 实现网络转型。
动态可视性:及时了解最新的威胁,维护零信任办公场所。
网络分段:提高工作效率并减少安全隐患。
自动遏制威胁:此功能将消除威胁,而不仅仅是拦截威胁。
访客接入和安全无线接入:轻松激活并设置。
安全的有线访问:通过网络连接实施一致的策略。
设备合规性:查找并修复忽视安全策略的设备。
与安全生态系统集成:提高现有解决方案的 ROI。
自带设备 (BYOD):用户客户使用他们想要的设备,无需担心安全问题。
思科安全服务
借助思科安全服务,让 ISE 部署步入正轨。
与我们联系
您可以通过我们与您的同行建立联系,并详细了解您感兴趣的安全主题。
集成多种解决方案
思科 ISE 技术合作伙伴
通过情景数据和实施活动来改进操作和网络防御。
思科安全技术联盟
查看与思科安全产品集成的所有技术合作伙伴。
Cisco Platform Exchange Grid (pxGrid)
这个开放、可扩展且由 IETF 标准驱动的平台可助您实现安全防护自动化,从而更快地获取应答并遏制威胁。
选择很简单
安全选项企业协议 (EA) 从未如此灵活。它易于管理,可以帮助您更快地响应安全挑战。
资源
产品手册和资料
产品手册公告案例研究概述生命周期终止和销售终止通知白皮书解决方案概述销售资源问题解答
了解部署方式
- ISE 设备管理
- ISE 访客和安全 Wi-Fi
- ISE 资产可视性
- ISE 自带设备 (BYOD)
- ISE 安全有线接入
- ISE 分段
- ISE 合规性
- ISE 集成
- ISE 威胁遏制
- 思科 ISE 3.0 许可证常见问题解答
- ISE 3.0 许可证迁移指南
- 观看演示
- 注册参加网络研讨会
- 什么是网络分段?
支持
ISE 3.2 更新说明
Table: New and Changed Features in Cisco ISE Release 3.2
| Feature | Description |
|---|---|
| Posture Condition Script Support | You can create and upload a posture condition script to check the compliance status of an endpoint. This feature is supported for Windows, macOS, and Linux platforms. See Add a Script Condition. |
| Cisco AnyConnect Rebranding | Cisco AnyConnect is rebranded as Cisco Secure Client. Cisco ISE 3.2 supports both the rebranded and legacy agents even though the Cisco ISE GUI is updated to use the rebranded terminology. See Compliance. |
| System 360 | System 360 includes Monitoring and Log Analytics. The Monitoring feature enables you to monitor a wide range of application and system statistics, and key performance indicators (KPI) of all the nodes in a deployment from a centralized console. KPIs are useful to gain insight into the overall health of the node environment. Statistics offer a simplified representation of the system configurations and utilization-specific data. Cisco ISE 3.2 and later releases are integrated with Grafana and Prometheus. Grafana is a third-party metrics dashboard and graph editor. It provides a graphical or text-based representation of statistics and counters collected in the Prometheus database. Prometheus is used as the datastore to store the KPIs in time-series format. Log Analytics provides a flexible analytics system for in-depth analysis of endpoint authentication, authorization, and accounting (AAA) and posture syslog data. You can also analyze ISE health summary and ISE process statuses. Kibana, an open-source data visualization platform, is used to analyze and visualize the syslog data. Elasticsearch is used to store and index the syslog data. See System 360. |
| Mobile Device Management Enhancement | You can configure the General MDM or UEM Settings to query multiple MDM servers when the endpoints are not registered with the primary MDM or UEM server, or the primary MDM or UEM server is not reachable. See Configure General MDM or UEM Settings. |
| Open API Specification for ERS APIs | The Open API specification (JSON file) for ERS APIs is available for download in the Cisco ISE GUI, in the Overview section of the API Settings window (Administration > System > Settings > API Settings > Overview. This Open API JSON file can be used for auto-generation of API client code using any programming language such as Python, JAVA and so on. For additional information about Open API specifications and tools, see https://openapi.tools/. See Open API Specification for ERS APIs. |
| ERS APIs PATCH Request Support | Cisco ISE now supports PATCH request for ERS APIs. PATCH request helps in updating a subset of attributes for a resource. Only the attributes sent as part of the request are updated instead of updating the entire configuration for that resource. For more details, see API Reference Guide. |
| Single Entry for endpoints with GUID in the Endpoints context visibility window | In the Cisco ISE GUI, in the Context Visibility > Endpoints window, an endpoint with a GUID is listed only once with its latest random MAC address. See Single Entry for Endpoints with GUID in Endpoint Context Visibility Window. |
| View Cisco ISE in Default or Dark Mode | You can now view Cisco ISE in default (light) or dark mode. Choose the default or dark mode from the Account Settings dialog box in the Cisco ISE administrator portal. See Apply Default or Dark Mode in Cisco ISE. |
| EAP-TLS and TEAP Authentication with Azure Active Directory | Cisco ISE supports certificate-based authentication and Azure Active Directory authorization.You can select attributes from Azure Active Directory and add them to the Cisco ISE dictionary for use in authorization policies. See EAP-TLS and TEAP Authentication with Azure Active Directory |
| Managing Passwords of Cisco ISE Users | From Cisco ISE Release 3.2, as an internal user of Cisco ISE, you can manage the lifetime of your Enable and Login passwords using the Password Lifetime option. See Cisco ISE Users. |
| Cisco Private 5G | From Cisco ISE Release 3.2 onwards, Cisco ISE supports Cisco Private 5G and Session Management Function (SMF) software. Cisco ISE provides policy configuration for 5G authorization, that is implemented with RADIUS authorize-only and accounting flows. See Configure Cisco Private 5G as a service |
| Data Connect | The Data Connect feature provides database access to Cisco ISE using an Open Database Connectivity (ODBC) or Java Database Connectivity (JDBC) driver, so that you can directly query the database server to generate reports of your choice. Only read-only access to the data is provided. You can extract any configuration or operational data about your network depending on your business requirement and use it to generate insightful reports and dashboards. See Data Connect. Note If the Data Connect feature is active on your Cisco ISE Release 3.2 Limited Availability release, when you upgrade to the Cisco ISE Release 3.2 General Availability release you must disable and then enable the Data Connect feature. |
| Configuration of Authorization Policies for PassiveID Login Users | Check the Authorization Flow check box in the Active Directory Advanced Settings window if you want to configure authorization policies for PassiveID login users. You can configure an authorization policy to assign an SGT to a user based on the AD group membership. This allows you to create TrustSec policy rules even for PassiveID authorization. See Active Directory Settings. |
| Security Settings Enhancement | When the Allow SHA-1 Ciphers option (under Administration > System > Settings > Security Settings) is enabled, Cisco ISE allows SHA-1 ciphers for communication with the following Cisco ISE components: Admin Access UI Cisco ISE Portals ERS pxGrid This option is disabled by default. When you upgrade to Cisco ISE Release 3.2, the Allow SHA-1 Ciphers option is disabled even if you have enabled this option before the upgrade. You can enable this option after the upgrade if you want to allow the clients with only SHA-1 ciphers to communicate with Cisco ISE. You must restart all the nodes in a deployment after enabling or disabling this option. See Configure Security Settings. |
| Endpoint and Logical Profile Summary Report | This report lists the logical and endpoint profiles, and the number of endpoints matching those profiles. See Available Reports. |
| pxGrid Direct | Cisco pxGrid Direct helps you to connect to external REST APIs that provide JSON data for endpoint attributes. The data that are collected is based on the attributes your specify in your pxGrid Direct configurations. Then, pxGrid Direct stores the collected data in the Cisco ISE database. This data can be used in the authorization policies. pxGrid Direct helps to evaluate and authorize the endpoints faster as the fetched data is used in the authorization policies. This eliminates the need to query for endpoint attribute data each time an endpoint must be authorized. See Cisco pxGrid Direct. |
下载地址
Cisco ISE Software Version 3.2 full installation.
This ISO file can be used for installing ISE on ISE-35x5 Appliances, SNS-36x5 Servers as well as a VM installation on VMware.
Filename: ise-3.2.0.542.SPA.x86_64.iso
Release date: 06-Sep-2022
Size: 13757.31 MB
MD5: d0eac7d11c60d8ba20dd41693f1725b5
| Image | File Information | Release Date | Size |
|---|---|---|---|
| ise-3.2.0.542.SPA.x86_64.iso✅ | Cisco ISE Software Version 3.2 full installation. This ISO file can be used for installing ISE on ISE-35x5 Appliances, SNS-36x5 Servers as well as a VM installation on VMWare | 06-Sep-2022 | 13757.31 MB |
| ise-upgradebundle-2.7.x-3.1.x-to-3.2.0.542.SPA.x86_64.tar.gz✅ | Upgrade bundle for upgrading ISE version 2.7, 3.0,3.1 to 3.2. This is a signed bundle for image integrity. | 06-Sep-2022 | 15249.28 MB |
| ise-urtbundle-3.2.0.542-1.0.0.SPA.x86_64.tar.gz✅ | Upgrade Readiness Tool (URT) to validate config DB upgrade from 2.7,3.0,3.1 to 3.2. This is a signed bundle for image integrity. | 06-Sep-2022 | 964.17 MB |
| ISE-3.2.0.542-virtual-SNS3615-SNS3655-300.ova✅ | ISE 3.2 OVA file - 300GB disk for Eval, Small, Medium (Recommend for Evaluation, PSN or PxGrid). | 06-Sep-2022 | 21 GB |
| ISE-3.2.0.542-virtual-SNS3615-SNS3655-600.ova❌ | ISE 3.2 OVA file - 600GB disk for Small or Medium (Recommend for PAN or MnT). | 06-Sep-2022 | 21 GB |
| ISE-3.2.0.542-virtual-SNS3655-SNS3695-1200.ova | ISE 3.2 OVA file - 1200GB disk for Medium or Large (Recommend for PAN or MnT). | 06-Sep-2022 | 21 GB |
| ISE-3.2.0.542-virtual-SNS3695-1800.ova❌ | ISE 3.2 OVA file - 1800GB disk for Extra Large (Recommend for PAN or MnT). | 06-Sep-2022 | 21 GB |
| ISE-3.2.0.542-virtual-SNS3695-2400.ova❌ | ISE 3.2 OVA file - 2400GB disk for Extra Large (Recommend for PAN or MnT). | 06-Sep-2022 | 21 GB |
✅:提供下载
❌:文件太大,暂不提供。
