For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Srirengaa's avatar
Srirengaa
Icon for Cirrus rankCirrus
Mar 06, 2023

I have ISE 2.6 and 3.1, but some specific networks in this segment should send to ISE3.1 Pool member

💎Solution : Using i-RULE or Policies to solve the above issue Step 1: For ISE 2.6 and ISE 3.1, pool members should already be defined. Local Traffic -> Pools -> Step 2: Under Data ...
application delivery
ise
Leslie_Hubertus's avatar
Leslie_Hubertus
Ret. Employee
Mar 10, 2023

Thanks so much for this, Srirengaa!

Could you please add a little more detail around the problem you are solving? If you can, I'd like to promote this to a CrowdSRC CodeShare post, so that more people can see the solution you've shared. 

  • Srirengaa's avatar
    Srirengaa
    Icon for Cirrus rankCirrus
    Mar 14, 2023

    Sure Leslie

    Here the Problem statement - I am using the ISE 2.6 version in production and have concurrently built 3.1 ISE nodes; the legacy 2.6 nodes should be decommissioned and replaced with the 3.1 version, but testing has not been completed.
    How can we test ISE 3.1 guest portal access using both 2.6 and 3.1 ISE nodes without affecting the production environment? This is the changellence, and i found a solution by combining i-rules and data groups to complete the tasks.

    • Srirengaa's avatar
      Srirengaa
      Icon for Cirrus rankCirrus
      Mar 14, 2023

      When the source segment matches the datagroup, the traffic is routed to ISE3.1, and the remaining traffic is routed through 2.6 nodes.

      Example: I'm coming from 10.10.10.10 source IP and told i-rule to look for matching IPs in the datagroup and forward traffic to ISE3.1 if any matches are found.