Stealthwatch 6 9 ISE 2 2 Integration Instructions

  • Slides: 9
Download presentation
Stealthwatch 6. 9 & ISE 2. 2 Integration Instructions – draft 3 November 11,

Stealthwatch 6. 9 & ISE 2. 2 Integration Instructions – draft 3 November 11, 2016

Step 1 – Download System Certificate from ISE PIC: Certificate > System Certificates Select

Step 1 – Download System Certificate from ISE PIC: Certificate > System Certificates Select the Certificate Issued by Certificate Services Endpoint Sub CA – ise-pic-4 and select Export Select Export Certificate Only © 2013 -2014 Cisco and/or its affiliates. All rights reserved. A. pem file is downloaded to the system Note: You may need to unblock pop-up menus Cisco Confidential 2

Step 2 – Generate PKCS 12 Bundle Certificates on ISE / ISE -PIC ISE:

Step 2 – Generate PKCS 12 Bundle Certificates on ISE / ISE -PIC ISE: Work Centers > Passive. ID > Subscribers > Certificates PIC: Subscribers > Certificates Select “Generate a single certificate (without a certificate signing request)” The Common Name will be used to name the exported file and used in the certificate. It is recommended that you add a SAN for the SMC’s IP address and FQDN Select PKCS 12 format This password will be requested when uploading to the Stealthwatch SMC © 2013 -2014 Cisco and/or its affiliates. All rights reserved. A. zip file will be created. Unzip this file to access the. p 12 file. Note: You may need to unblock pop-up menus for the Cisco Confidential 3

Step 3 – Navigate to Administer Appliance Select the Administer Appliance Menu from the

Step 3 – Navigate to Administer Appliance Select the Administer Appliance Menu from the Global Settings icon. The Admin screen will appear in a separate tab of your browser © 2013 -2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

Step 4 – Upload the Certificate Authority Certificate SW (Admin Appliance): Configuration > Certificate

Step 4 – Upload the Certificate Authority Certificate SW (Admin Appliance): Configuration > Certificate Authority Certificates Upload. pem file previously downloaded from ISE and select Add Certificate. The Cerfificate will then appear in the records displayed at the top of the screen. © 2013 -2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5

Step 5 – Upload SSL Client Certificate in Stealthwatch SW (Admin Appliance): Configuration >

Step 5 – Upload SSL Client Certificate in Stealthwatch SW (Admin Appliance): Configuration > SSL Certificate IMPORTANT: Scroll to the Upload PCKS 12 Bundle section to create a friendly name, add password and upload the. p 12 file. © 2013 -2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6

Step 6 – Complete ISE Configuration Setup SW: Deploy > Cisco ISE Configuration The

Step 6 – Complete ISE Configuration Setup SW: Deploy > Cisco ISE Configuration The Cluster Name will be used to refer to the ISE Cluster in the Stealthwatch UI The Friendlsy name for the uploaded. p 12 Certificate file will be available here A Primary px. Grid Node is required for the configuration. A secondary px. Grid Node can be added for High Availability The User Name will appear as the Subscriber’s Client Name in ISE. The connection can not be finalized until this Client is accepted on ISE Save the configuration to send the information necessary to create and accept the Subscriber in ISE. © 2013 -2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

Step 7 – Accept the Subscriber in ISE-PIC: Subscribers > Clients ISE: Administration >

Step 7 – Accept the Subscriber in ISE-PIC: Subscribers > Clients ISE: Administration > px. Grid Services Select the Subscriber’s Client name and select the “Approve” option © 2013 -2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

Step 8 – Refresh Config Page and Confirm Connectivity SW: Deploy > Cisco ISE

Step 8 – Refresh Config Page and Confirm Connectivity SW: Deploy > Cisco ISE Configuration © 2013 -2014 Cisco and/or its affiliates. All rights reserved. The connection status shows green when Stealthwatch and ISE are communicating. If yellow, hover the status indicator for more information Cisco Confidential 9