...

Note

If your outbound member is a Grid Master Candidate and that Grid Master Candidate is promoted to Grid Master, make sure that you change the outbound member to the Grid Master in the endpoint configuration to avoid any outbound notification failures. For information, see Modifying Outbound Endpoint Configuration.

      • Current Grid Master: Click this to use the Grid Master to send outbound notifications to the endpoint. When you use the Grid Master as the outbound member, ensure that it has enough CPU and memory to process all the workloads and processes, in addition to being an outbound member. Infoblox recommends that you use the Grid Master as an outbound member only for testing purposes to avoid overloading the Grid Master and to maintain optimal performance for the Grid.
    • Comment: Enter additional information about the REST API endpoint.
    • Disable: Select this if you want to save the configuration but do not want to use it yet. You can clear this checkbox when you are ready to use this configuration.

...

    • Name: Specify the name used to identify the endpoint.

    • Vendor Type: The DXL vendor type associated with the endpoint. This is optional.

    • Client Certificate: Click Generate to generate and upload both the client and CA certificates of the endpoint on NIOS. When you click Generate, the client certificate is automatically uploaded on NIOS and a copy of the CA certificate is downloaded. Import this downloaded CA certificate to the DXL server. For information about how to import the CA certificate, refer to the McAfee documentation. If you already have the client certificate, you can upload it by clicking the Upload icon. Click Upload to upload the client certificate. In the Upload dialog box, click Select to navigate to the certificate, and then click Upload.

    • CA Certificates: Click CA Certificates to upload the broker certificate. Download the broker certificate from the DXL server and upload it to NIOS. In the CA Certificates dialog box, click the Add icon, and then navigate to the certificate to upload it.

    • WAPI Integration Username: If you have included at least one “wapi” related field in your action template, you must configure WAPI integration; otherwise, the WAPI step will fail due to an authorization error. Enter the username of the admin user you want to designate for DXL notifications.

    • WAPI Integration Password: Enter the password of the admin user you have designated for DXL notifications.

    • Member Source outbound API requests from: Select one of the following to process and send outbound notifications:

        • Selected Grid Master Candidate (Recommended): Select this to use the Grid Master Candidate to process and send outbound notifications to the endpoint. If there are multiple Grid Master candidates, select a Grid Master Candidate from the drop-down list. This is the recommended choice and is selected by default because the CPU and memory required for processing and sending outbound events from the Grid Master Candidate can be offloaded or manually load balanced across multiple Grid Master Candidates if required.

          Note

          If your outbound member is a Grid Master Candidate and that Grid Master Candidate is promoted to Grid Master, make sure that you change the outbound member to the Grid Master in the endpoint configuration to avoid any outbound notification failures. For information, see Modifying Outbound Endpoint Configuration.


        • Current Grid Master: Click this to use the Grid Master to send outbound notifications to the endpoint. When you use the Grid Master as the outbound member, ensure that it has enough CPU and memory to process all the workloads and processes, in addition to being an outbound member. Infoblox recommends that you use the Grid Master as an outbound member only for testing purposes to avoid overloading the Grid Master and to maintain optimal performance for the Grid.
    • Comment: Enter additional information about the DXL endpoint.
    • Disable: Select this if you want to save the configuration but do not want to use it yet. You can clear this checkbox when you are ready to use this configuration.

...

  1. From the Grid/System tab, select the Ecosystem tab -> Outbound Endpoint tab and then click Add -> Add Syslog Endpoint from the Toolbar.
  2. In the Add Syslog Endpoint wizard:
    • Name: Specify a name for the endpoint.
    • Click the + icon to add a syslog address:
    • Address: Enter the IP address of the syslog server.
    • Transport: Select the connection type that the syslog server will use. Supported types are UDP, TCP, and Secure TCP. If you select TCP or UDP, the default port number is 514 and you do not need to upload a certificate. If you select Secure TCP, the default port number is 6514 and you need to upload a certificate.
    • Certificate: If you selected Secure TCP, you must upload an HTTPS or a CA certificate. For more information, see Managing Certificates.
    • Port: Specify the port number that the syslog server will use to communicate with NIOS.
    • Message Format: Select the format of the syslog message. If you select Formatted, you must specify the facility and severity to be sent in the syslog message header.
    • Host Name: If you selected Formatted as the message format, then the value that you select from the Host Name drop-down list is sent in the syslog message header.
    • Facility: Select the location that determines the processes and daemons from which the log messages are generated.
    • Severity: Select a severity for the syslog message. The severity type that you select is sent in the syslog message header.
    • Click Add. The syslog server details are added to the table. You can add more syslog addresses by clicking the + icon. You can also generate a test syslog notification by clicking Test.
    • Vendor Type: Select the vendor information for the endpoint.
    • WAPI Integration Username: If you have included at least one "wapi" related field in your action template, you must configure WAPI integration; otherwise the WAPI step fails due to an authorization error. Enter the user name of the admin user you want to designate for Syslog outbound notifications. The appliance ignores the AuthUsername and AuthPassword for WAPI related steps in any action templates if WAPI integration is configured.
    • WAPI Integration Password: Enter the password of the admin user you have designated for Syslog outbound notifications.
    • Member Source outbound API requests from: Select one of the following to process and send outbound notifications:
    • Comment: Enter additional information about the REST API endpoint.
    • Disable: Select this if you want to save the configuration but do not want to use it yet. You can clear this checkbox when you are ready to use this configuration.
  3. Click Next to set the duration of time that the endpoint waits for a response from the outbound member. Complete the following to specify session timeout value:
    1. Timeout: Specify the session timeout value for the endpoint. The default value is 30 seconds.
    2. Template: Click Select Template to select a session management template. 
    3. Vendor Type: Displays the vendor information for the endpoint.
    4. Template Type: Displays Session Management or Action based on the template you select.
    5. Parameters: Displays the parameters of the template you select. You can access these values in the notification rules.
  4. Click Next to add extensible attributes for the endpoint. For information, see Managing Extensible Attributes.
  5. Save the configuration.
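After you click Test, the syslog server operator can confirm that the received header carries the facility, severity, and host name selected in the wizard, and that the transport settings match the defaults described above. The following Python sketch is an added example, not Infoblox code. It assumes that a Formatted message uses the RFC 3164 header layout; the sample line and the host name nios-gmc1.example.com are constructed.

```python
import re

# Facility and severity names by numeric code (RFC 3164 / RFC 5424).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Transport -> (default port, certificate required), as stated on this page.
TRANSPORTS = {"UDP": (514, False), "TCP": (514, False), "Secure TCP": (6514, True)}

# Assumed layout: <PRI>Mmm dd hh:mm:ss HOST MESSAGE
HEADER = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$", re.S)

# Constructed sample line, not captured from an appliance.
SAMPLE = "<134>Mar  4 10:15:02 nios-gmc1.example.com test syslog notification"


def parse_header(line):
    """Decode PRI into facility/severity and pull out the host name."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("line does not match the assumed header layout")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "host": m.group(3), "message": m.group(4)}


def header_mismatches(line, expected):
    """Compare a received line with the values chosen in the wizard."""
    got = parse_header(line)
    return [f"{key}: expected {expected[key]!r}, got {got[key]!r}"
            for key in ("facility", "severity", "host") if got[key] != expected[key]]


def transport_problems(transport, port, has_certificate):
    """Flag a missing certificate or a non-default port for the transport."""
    default_port, needs_cert = TRANSPORTS[transport]
    problems = []
    if needs_cert and not has_certificate:
        problems.append(f"{transport} requires an uploaded certificate")
    if port != default_port:
        problems.append(f"port {port} differs from default {default_port}")
    return problems
```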

...

  1. From the Grid/System tab, select the Ecosystem tab -> Outbound Endpoint tab and then click Add -> Add Cisco ISE Endpoint from the Toolbar.
  2. In the Add Cisco ISE Endpoint wizard:
    • Server Address: Enter the IP address of the Cisco ISE.
    • Name: Specify a name for the endpoint.
    • Subscribing Member: Select a Grid Master Candidate that you want to subscribe as the client on the Cisco ISE. Or you can select the current Grid Master as the subscribing member. This member interacts with the Cisco ISE to obtain contextual information for the subscribed data types.
    • Vendor Type: The vendor type associated with the endpoint. This is optional.
    • Client Certificate: Click Select to upload the client certificate. In the Upload dialog box, click Select to navigate to the certificate, and then click Upload.
    • Manage Certificates: Click CA Certificates to upload the self-signed certificate or CA certificate. In the CA Certificates dialog box, click the Add icon, and then navigate to the certificate to upload it.
    • WAPI Integration Username: If you have included at least one "wapi" related field in your action template, you must configure WAPI integration; otherwise the WAPI step fails due to an authorization error. Enter the user name of the admin user you want to designate for Cisco ISE outbound notifications. The appliance ignores the AuthUsername and AuthPassword for WAPI related steps in any action templates if WAPI integration is configured.
    • WAPI Integration Password: Enter the password of the admin user you have designated for Cisco ISE outbound notifications.
    • Test Connection: Click this to validate the endpoint settings and test the connectivity between the Grid Master and the endpoint. It also validates the certificate that you uploaded. It does not test the connection between the Grid Master Candidate that is assigned as the outbound member and the endpoint. Grid Manager displays a message indicating whether the connection is successful. Note that the test does not validate the user name and password for the endpoint. It only tests the basic connection between the Grid Master and the endpoint and validates the certificate.
    • Comment: Enter additional information about the Cisco ISE endpoint.
    • Disable: Select this checkbox if you want to save the configuration but do not want to use it yet. You can clear this checkbox when you are ready to use this configuration.
    • Click Next to set the duration of time that the endpoint waits for a response from the outbound member. Complete the following to specify session timeout value:
      1. Timeout: Specify the session timeout value for the endpoint. The default value is 30 seconds.
      2. Template: Click Select Template to select a session management template. 
      3. Vendor Type: Displays the vendor information for the endpoint.
      4. Template Type: Displays Session Management or Action based on the template you select.
      5. Parameters: Displays the parameters of the template you select. You can access these values in the notification rules.
  3. Click Next to specify the data types that you want to obtain from the Cisco ISE. The Cisco ISE shares information only for the subscribed data types. Complete the following to specify the data types you want to collect from the Cisco ISE server:
    • Subscription Settings: Select the predefined data types to which you want to subscribe from the Available Data Type table. Use the arrows to move data types from the Available Data Type table to the Selected Data Type table. NIOS receives information for all data types in the Selected Data Type table.
    • Map other data types to Extensible Attributes: You can create extensible attributes and map these extensible attributes to receive additional Cisco ISE data values, such as IP address, MAC, NAS IP Address, NAS Port ID, EPS Status, Posture Status, Posture Timestamp, Endpoint Profile Name, Account Session ID, and Audit Session ID. Click the Add icon and map a Cisco ISE data type to an extensible attribute. You can also select a row and click the Delete icon to delete it.
  4. Click Next to add data types that you want to publish to the Cisco ISE server. Use the arrows to move data types from the Available table to the Selected table. NIOS publishes information only for the data types that are added in the Selected table.
  5. Click Next to add extensible attributes for the endpoint. For information, see Managing Extensible Attributes.
  6. Save the configuration.

...

  1. From the Grid/System tab, select the Ecosystem tab -> Outbound Endpoint tab, click the Action icon next to the endpoint name and select Edit from the menu.
  2. The <Endpoint Name> Endpoint editor provides the following tabs from which you can modify data:
    • General: You can modify the general information of an endpoint, as described in Configuring Outbound Endpoints.
    • Brokers: You can modify the DXL broker configuration, as described in Configuring DXL Endpoints. This tab is available only for DXL endpoints.
    • Session Management: You can edit the session timeout value and upload a new session management template.
    • Extensible Attributes: You can add, modify, and delete extensible attributes that are associated with an endpoint. For information, see Managing Extensible Attributes.
  3. Save the configuration.

...