What is new in Cisco ISE 3.2

What is New ISE 3.2?

The new licensed Cisco ISE 3.2 (Identity Services Engine) is a network administration product that provides secure access to network resources. It is a policy-based access control system that enables organizations to centrally manage and enforce security policies across a distributed network infrastructure. Cisco ISE allows network administrators to control access to the network based on the user, device, location, and other factors.

What is New in Cisco ISE 3.2

Cisco ISE can be used to authenticate and authorize users and devices, enforce security policies, and provide detailed reporting on network activity. It can also integrate with other Cisco security products, such as firewalls, VPNs, and intrusion prevention systems, to provide a comprehensive security solution.

The new Cisco licensed ISE supports multiple authentication methods, including 802.1X, MAC authentication bypass, web authentication, and guest access. It also supports a range of network devices, including wired and wireless endpoints, routers, switches, and firewalls.

The new features of Cisco ISE

• ISE for 5G Networks
• Cloud Platform Support
• Oracle Cloud Infrastructure
• Code Automation Support in ISE 3.2
• Cisco pxGrid Direct (EDDA) OpenAPIs
• OpenAPI Specification for ISE ERS APIs
• Provision an ISE 3.2 Beta VM in Microsoft
• Cisco pxGrid Direct (EDDA) with Service Now
• Zero Touch Provisioning (ZTP) Security Updates
• 1X with OAuth-ROPC to Azure AD in ISE 3.0
• EAP-TLS & TEAP Authorization with Microsoft Azure Active Directory

In the following we will introduce some of these new items:

Provision an ISE 3.2 Beta VM in Microsoft

To provision a Cisco ISE 3.2 VM in Microsoft Azure, you can follow the steps below:

• Log in to the Azure portal and select “Create a resource” from the top-left corner of the dashboard.
• In the search bar, type “Cisco ISE” and select “Cisco ISE 3.1” from the list of available resources.
• Click on “Create” to begin the provisioning process.
• In the “Basics” tab, enter the basic details such as resource group, virtual machine name, username, and password.
• Select the appropriate region and the virtual machine size that meets your requirements.
• In the “Networking” tab, configure the virtual network and subnet where you want to deploy the Cisco ISE VM.
• In the “Management” tab, configure the management options such as Azure monitoring, backup, and SSH access.
• In the “Advanced” tab, configure any additional options such as extensions, boot diagnostics, and guest OS settings.
• Review and confirm your settings, then click “Create” to provision the VM.
• Once the VM is provisioned, you can connect to it using remote desktop or SSH and configure Cisco ISE according to your requirements.
• It is important to note that Cisco ISE requires a minimum of 4 vCPUs, 16 GB of RAM, and 250 GB of storage for optimal performance. Additionally, you will need to obtain a valid Cisco ISE license and configure the necessary network and security settings to ensure secure access to the ISE VM.

Cloud Platform Support in Cisco ISE 3.2

Cisco Identity Services Engine (ISE) 3.2 is a network security policy management and access control solution that now includes support for cloud platforms. This means that Cisco ISE 3.2 can integrate with and authenticate users from cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Oracle Cloud Infrastructure (OCI). This allows organizations to extend their network security policies and access control to cloud environments, enabling secure access to cloud resources.

Oracle Cloud Infrastructure in Cisco ISE 3.2

Cisco ISE 3.2 now supports integration with Oracle Cloud Infrastructure (OCI), which is Oracle’s cloud computing platform. This integration allows organizations to use Cisco ISE as a central point for authentication and access control for users accessing resources in OCI. It enables organizations to enforce consistent security policies across both on-premises and cloud environments, ensuring secure access to OCI resources.

Zero Touch Provisioning (ZTP) Security Updates in Cisco ISE 3.2

Zero Touch Provisioning (ZTP) is a feature in Cisco ISE that allows for automated provisioning and deployment of network devices. In Cisco ISE 3.2, there are security updates to ZTP, which enhance the security of the provisioning process. These updates may include improved authentication and authorization mechanisms, enhanced encryption, and other security measures to ensure that the ZTP process is secure and protected against unauthorized access.

802.1X with OAuth-ROPC to Azure AD in ISE 3.0

Cisco ISE 3.0 now supports 802.1X authentication with OAuth-ROPC (Resource Owner Password Credentials) to Microsoft Azure Active Directory (AD). This allows organizations to use Azure AD as an external identity provider for authenticating users connecting to the network using the 802.1X protocol. OAuth-ROPC allows users to authenticate using their Azure AD credentials, providing a secure and seamless authentication experience.

EAP-TLS & TEAP Authorization with Microsoft Azure Active Directory

Cisco ISE supports authorization using the EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) and TEAP (Tunnel Extensible Authentication Protocol) protocols with Microsoft Azure AD. This means that after a user has been authenticated using EAP-TLS or TEAP, Cisco ISE can perform authorization checks against Azure AD to determine the user’s access rights and enforce appropriate network access policies. This allows organizations to leverage Azure AD as an external authorization source for securing network access using EAP-TLS and TEAP authentication methods.