SHA-256 on ISE 3315 ?

Similar Messages

• How can I at-a-glance review a server's SHA-256 fingerprint in Thunderbird?

  All my IMAP sessions are created via SSL/TLS tunnels to the respective servers.
  Thunderbird dutifully highlights that the connection is encrypted with the small grey padlock icon in the folder pane. This is helpful.
  However, I would like to check the SHA-256 finderprint of the server's certificate on a regular basis, at a glance. Is there a way I can easily do this in Thunderbird?

  Hi ITBobbyP,
  If I understand correctly, you want to load data from multiple sheets in an .xlsx file into a SQL Server table.
  If in this scenario, please refer to the following tips:
  The Foreach Loop container should be configured as shown below:
  Enumerator: Foreach ADO.NET Schema Rowset Enumerator
  Connection String: The OLE DB Connection String for the excel file.
  Schema: Tables.
  In the Variable Mapping, map the variable to Sheet_Name, and change the Index from 0 to 2.
  The connection string for Excel Connection Manager is the original one, we needn’t make any change.
  Change Table Name or View name to the variable Sheet_Name.
  If you want to load data from multiple sheets in multiple .xlsx files into a SQL Server table, please refer to following thread:
  http://stackoverflow.com/questions/7411741/how-to-loop-through-excel-files-and-load-them-into-a-database-using-ssis-package
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support

• Cisco ISE-3315-K9 version 1.1.1.268 upgrade to 1.2.0.899

  Hi Dears,
  I have two ISE devices. One of them sofware is 1.1.1.268 and one of them is 1.2.0.899. Now i want upgrade ISE 3315 software   1.1.1268 to 1.2.0.899.
  How can I do that?? Please help me.

  First, Create a repository in the ISE WebGUI by going to Administration > System > Maintenance and clicking Repository on the Left Menu:
  Click the +Add button and then fill out the configuration for the repository:
  Note that my repository name is Upgrade.
  Download the ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz file and place it in the location you configured in your repository.
  Perform a backup of your ISE.
  Install the latest patches for v1.1.1
  Log in to the CLI and issue the following command:
  application upgrade ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz Upgrade
  Wait.
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.Charles Moreton

• Windows 7 Comparability for SHA-256 (Code Signing)

  Dear All
     I want to know when the update for windows 7 (SHA-256 Code Signing Comparability -- for Kernel driver) will be available?

  Hi,
  I'm not sure whether you know this update KB 2949927, Microsoft is announcing the availability of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality.
  http://support.microsoft.com/kb/2949927
  Microsoft Security Advisory 2949927
  https://technet.microsoft.com/en-us/library/security/2949927.aspx
  This blog can also be helpful
  Microsoft Security Advisory 2949927
  http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx
  Yolanda Zhu
  TechNet Community Support

• In ISE (ise-3315) low reliability

  Hello.
  What will happen if ise- 3315 broke one HDD? In ISE low reliability - RAID no. How can a server for security do without RAID?
  How can we improve reliability?

  The best solution is going for the higher appliance or VMware solution for reference kindly see the following details
  Cisco Identity Services Engine Hardware Specifications
  Cisco Identity Services Engine Appliance 3315 (Small)
  Cisco Identity Services Engine Appliance 3355 (Medium)
  Cisco Identity Services Engine Appliance 3395 (Large)
  Processor
  1 x QuadCore Intel Core 2 CPU Q9400 @ 2.66 GHz
  1 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz
  2 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz
  Memory
  4 GB
  4 GB
  4 GB
  Hard disk
  2 x 250-GB SATA HDD
  2 x 300-GB SAS drives
  4 x 300-GB SFF SAS drives
  RAID
  No
  Yes (RAID 0)
  Yes (RAID 0+1)
  Removable media
  CD/DVD-ROM drive
  CD/DVD-ROM drive
  CD/DVD-ROM drive
  Network Connectivity
  Ethernet NICs
  4 x Integrated Gigabit NICs
  4 x Integrated Gigabit NICs
  4 x Integrated Gigabit NICs
  10BASE-T cable support
  Cat 3, 4, or 5 unshielded twisted pair (UTP) up to 328 ft (100 m)
  Cat 3, 4, or 5 UTP up to 328 ft (100 m)
  Cat 3, 4, or 5 UTP up to 328 ft (100 m)
  10/100/1000BASE-TX cable support
  Cat 5 UTP up to 328 ft (100 m)
  Cat 5 UTP up to 328 ft (100 m)
  Cat 5 UTP up to 328 ft (100 m)
  Secure Sockets Layer (SSL) accelerator card
  None
  Cavium CN1620-400-NHB-G
  Cavium CN1620-400-NHB-G
  Interfaces
  Serial ports
  1
  1
  1
  USB 2.0 ports
  4 (two front, two rear)
  4 (one front, one internal, two rear)
  4 (one front, one internal, two rear)
  Video ports
  1
  1
  1
  External SCSI ports
  None
  None
  None
  System Unit
  Form factor
  Rack-mount 1 RU
  Rack-mount 1 RU
  Rack-mount 1 RU
  Weight
  28 lb (12.7 kg) fully configured
  35 lb (15.87 kg) fully configured
  35 lb (15.87 kg) fully configured
  Dimensions (H x W x L)
  1.69 x 17.32 x 22 in.
  (43 x 440 x 55.9 mm)
  1.69 x 17.32 x 27.99 in.
  (43 x 42.62 x 711 mm)
  1.69 x 17.32 x 27.99 in.
  (43 x 42.62 x 711 mm)
  Power supply
  350W
  Dual 675W (redundant)
  Dual 675W (redundant)
  Cooling fans
  6; non-hot plug, nonredundant
  9; redundant
  9; redundant
  BTU rating
  1024 BTU/hr (at 300W)
  2661 BTU/hr (at 120V)
  2661 BTU/hr (at 120V)
  Compliance
  FIPS
  Uses FIPS 140-2 Level 1 validated cryptographic modules
  Uses FIPS 140-2 Level 1 validated cryptographic modules
  Uses FIPS 140-2 Level 1 validated cryptographic modules
  Cisco Secure Network Server 3415 (Small) - New
  Cisco Secure Network Server 3495 (Large) - New
  Processor
  1 x Intel Xenon Quad-Core 2.4 GHz E5-2609
  2 x Intel Xenon Quad-Core 2.4 GHz E5-2609
  Memory
  16 GB
  32 GB
  Hard disk
  1 x 600GB 6Gb SAS 10K RPM
  2 x 600GB 6Gb SAS 10K RPM
  RAID
  No
  Yes (RAID 0+1)
  CD/DVD-ROM drive
  No
  No
  Network Connectivity
  Ethernet NICs
  4 x Integrated Gigabit NICs
  4 x Integrated Gigabit NICs
  10/100/1000BASE-TX cable support
  Cat 5 UTP up to 328 ft (100 m)
  Cat 5 UTP up to 328 ft (100 m)
  Secure Sockets Layer (SSL) accelerator card
  None
  Cavium CN1620-400-NHB-G
  Interfaces
  Front Panel Connector
  1 x KVM console connector (supplies 2 USB, 1 VGA, and 1 serial connector)
  1 x KVM console connector (supplies 2 USB, 1 VGA, and 1 serial connector)
  Additional Rear Connectors
  Additional  interfaces including a VGA video port, 2 USB 2.0 ports, an RJ45 serial  port, 1 Gigabit Ethernet management port, and dual 1 Gigabit Ethernet  ports
  Additional  interfaces including a VGA video port, 2 USB 2.0 ports, an RJ45 serial  port, 1 Gigabit Ethernet management port, and dual 1 Gigabit Ethernet  ports
  System Unit
  Form factor
  Rack-mount 1 RU
  Rack-mount 1 RU
  Weight
  35.6 lbs (16.2 kg)
  26.8 lbs (12.1 kg)
  35 lb (15.87 kg) fully configured
  Dimensions (H x W x L)
  1.7 x 16.9 x 28.5 in.
  (4.32 x 43 x 72.4 cm)
  1.7 x 16.9 x 28.5 in.
  (4.32 x 43 x 72.4 cm)
  Power supply
  650W
  Dual 650W (redundant)
  Cooling fans
  5
  5
  Temperature: Operating
  32 to 104°F (0 to 40°C) (operating, sea level, no fan fail, no CPU throttling, turbo mode)
  32 to 104°F (0 to 40°C) (operating, sea level, no fan fail, no CPU throttling, turbo mode)
  Temperature: Nonoperating
  -40 to 158°F (-40 to 70°C)
  -40 to 158°F (-40 to 70°C)
  Compliance
  FIPS
  Uses FIPS 140-2 Level 1 validated cryptographic modules
  Uses FIPS 140-2 Level 1 validated cryptographic modules

• What version of SQL Server support ssl connection with TLS. 1.2 (SHA-256 HASH)

  Hi,
  I just want to know,
  What version of SQL Server support ssl connection with TLS. 1.2 (SHA-256 HASH).
  if support already,
  how can i setting.
  plz.  help me!!! 

  The following blog states that SQL Server "leverages the SChannel layer (the SSL/TLS layer provided
  by Windows) for facilitating encryption.  Furthermore, SQL Server will completely rely upon SChannel to determine the best encryption cipher suite to use." meaning that the version of SQL Server you are running has no bearing on which
  encryption method is used to encrypt connections between SQL Server and clients.
  http://blogs.msdn.com/b/sql_protocols/archive/2007/06/30/ssl-cipher-suites-used-with-sql-server.aspx
  So the question then becomes which versions of Windows Server support TLS 1.2.  The following article indicates that Windows Server 2008 R2 and beyond support TLS 1.2.
  http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx
  So if you are running SQL Server on Windows Server 2008 R2 or later you should be able to enable TLS 1.2 and install a TLS 1.2 certificate.  By following the instructions in the following article you should then be able to enable TLS 1.2 encryption
  for connections between SQL Server and your clients:
  http://support.microsoft.com/kb/316898
  I hope that helps.

• ISE-3415 vs ISE-3315

  Hello,
  two years ago I wanted to buy ISE-3315 and when we prepared order we were told we have to order following components:
  - ISE-3315-K9
  - L-ISE-ADV3Y-100=
  Today ISE-3315 is EOS and the solution for small business is ISE-3415. The problem is we have to order following components:
  - SNS-3415-K9
  - SW-3415-ISE-K9 Cisco ISE Software version 1.2 for the SNS-3415-K9
  - L-ISE-ADV-S-100=
  The main problem is the new solution costs almost 50% more. Can someone confirm that it is correct? Or maybe I had wrong information two years ago with ISE-3315.
  BTW - I need the appliance for lab and study. Do we need to buy a full license in this case?
  Thank you
  Hubert

  Yes you can buy the appliance and then install the trial version.  just keep in mind that once the trial time has run out you must buy the license to continue to use the features that were available with the trial version.
  If using VMware, you can rollback to a snapshot prior to the installation of the ISE and reinstall the trial license and continue to use it for your studies.
  Of course, if you have a budget that will allow you to buy the appliance and a full license that is provided by the trial license, then go for it.  But if you want to save some money then the VMware is the way to go.
  Please remember to select a correct answer and rate helpful posts

• Does Cisco ISE-3315-K9 with ise version: Service Engine: 1.0.4.573 support command accouting like ACS

  Hi
  Can Anybody can update whether   ISE-3315-K9 with ise version: Service Engine: 1.0.4.573 , supports the command level accounting
  Bascially , we have integrated Cisco Switches with Cisco ISE for Device Authentication using Radius , we are able get the authentication logs on to the devices , but for any command changes or update done on Cisco devices we are not able to get the command accounting ..
  has succeed in  command level accounting on  Cisco ISE ..
  Please update
  Cisco ISE doesn't have TACACS feature ...

  Command Accounting is a TACACS+ feature so not for ISE....yet.
  However, you can do the following to send commands to syslog and not including passwords (hidekeys). I just picked 200 commands/lines to store in the local command buffer/log. increase or decrease as you have memory.  The notify syslog is what sends it via syslog.
  conf t
  archive
  log config
  logging enable
  logging size 200
  hidekeys
  notify syslog
  end
  wr mem
  Remember, syslog is clear text  :-)  log away from user traffic when possible.  Or use TLS based syslog when possible.
  I hope you find this answer useful, if it was satisfactory  for you, please mark the question as Answered.
  Please rate post you consider useful.
  -James

• SHA-256 with WebLogic Server

  We are being forced to migrate our SSL certs from SHA-1 to SHA-256. We will be using Oracle WebLogic Server 10.3.4 for Oracle FMW Portal. Can anyone tell me if WebLogic supports serving SHA-256 certificates? If so, is there any documentation on this?

  You can get in touch with Oracle Weblogic Support and give this bud id : bug8422724
  WLS 10.3.1 and above support certificates signed by sha256withRSA.
  -Faisal
  http://www.weblogic-wonders.com

• Why in Firefox there are no cipher suits with SHA-256?

  I don't see cipher suits with SHA-256 in Firefox ClientHello. Why? They are not supported?

  I think that it is best to keep the discussion in one thread, so I locking the other two that you created.
  Please continue here: [[/questions/976999]]

• Does Anybody know how to keep the license files and Certificates in ISE-3315 During the upgrade.

  Hi,
  I have two ISE-3315 Appliances in production network.
  I need someone's help to explain, how to make the Secondary node as the primary admin note to reset-config.
  And then I would like to know how to keep the license files and Certificate during the Upgrade.
  Please help me to answer my questions.
  Thanks
  CSCO11872447

  The Cisco Identity Services Engine (ISE) provides distributed  deployment of runtime services with centralized configuration and  management. Multiple nodes can be deployed together in a distributed  fashion to support failover.
  If you register a  secondary Monitoring ISE node, it is recommended that you first back up  the primary Monitoring ISE node and then restore the data to the new  secondary Monitoring ISE node. This ensures that the history of the  primary Monitoring ISE node is in sync with the new secondary node as  new changes are replicated.
  Please  Check the below configuration guide for Secondary ISE- Nodes.
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.pdf

• ISE 3315 show application status ise taking so long

  Hi,
  I have a brand new ISE 3315 appliance  running 1.1.1.268 , whenver I try to issue the command "show application status ise" , it takes so long time before it shows the output ..the same when I try to start or stop the application ..
  I would like to know if the NTP reachability can cause this kind of behavior .. I'm still testing the appliance in the lab , and I have no NTP server , but I have created local DNS server on a router.
  any ideas !

  Hi
  The Execute Network Device Command diagnostic tool allows you to run the show command on any network device. The results are exactly what you would see on a console, and can be used to identify problems in the configuration of the device. You can use it when you suspect that the configuration is wrong, you want to validate it.
  Please make sure that you have performed these steps:
  Step 1 Choose Operations > Troubleshoot > Diagnostic Tools > General Tools > Execute Network Device Command.
  Step 2 Enter the information in the appropriate fields.
  Step 3 Click Run to execute the command on the specified network device.
  Step 4 Click User Input Required, and modify the fields as necessary.
  Step 5 Click Submit to run the command on the network device, and view the output.

• ISE-3315, license

  Hi all,
  I hope someone can help me out with the following question;
  We want to buy a ISE-3315-K9 for 500 end-devices.
  In the price-list I found the ISE-3315-K9 but cannot find the base license: L-ISE-BSE-500=. (I think I need this license)
  Will the shipment of the ISE-3315-K9 includes a 3000 end-points base license (maximum support of the ISE-3315) or do I need to order the base 500 license seperately?
  Thanks in advance,
  Erik Verkerk.

  Cisco ISE comes with a built-in evaluation  license, which is valid for 90 days. The evaluation license includes  both base and advanced packages and limits the number of endpoints to  100 for both the base and advanced packages
  ISE 3315 is End-of-Sale
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11640/eol_C51-728424.html
  For 500 endpoint support (basic funtionality ) you  need to buy  L-ISE-BSE-500=
  https://apps.cisco.com/WOC/WOConfigUI/pages/configset/configset.jsp

• ISE 3315 stuck in INIT Entering runlevel: 3

  Hello
  my ISE 3315 is stuck in
  ISE 3315 stuck in INIT Entering runlevel: 3
  when i connect a screen and keyboard i can only see this last message :
  ISE 3315 stuck in INIT Entering runlevel: 3
  There is nothing after, i cannot login (no prompt) even after waiting 20 minutes with this message
  I have no char return via serial cable depsite i was able to run initial setup from console (same cable, the DB9-DB9 provided, same serial config, same laptop)
  really strange
  Version ADE :  ADE-OS-2.0 (2.6.18-238.1.1.el5PAE)
  Version ISE : 1.1.0.665
  Any idea ?
  Thanks
  Guillaume

  Hello,
  for me i can say it is too slow if you don't have a DNS and a NTP server accessible from the ISE.
  It is requested to have both servers during initial setup, and with that, it is running faster (let's say 30 minutes to do all initial setup ...)
  Hope it helps !

• ISE 3315 License needed for integration with PxGrid SealthWatch

  Hello Experts,
  i have ISE 3315 with Version 1.3
  i want to integrate it with pxgrid and ordering Sealthwatch. Can anyone tell me do i need To have ISE Advance-License for this integration ? Or with ISE  Base-License it can work?
  Thanks

  ISE License Packages
  Perpetual/Subscription (Terms Available)
  ISE Functionality Covered
  Notes
  Base
  Perpetual
  Basic network access: AAA, IEEE-802.1X
  Guest management
  Link encryption (MACSec)
  TrustSec
  ISE Application Programming Interfaces
  Plus
  Subscription (1, 3, or 5 years)
  Bring Your Own Device (BYOD) with built-in Certificate Authority Services
  Profiling and Feed Services
  Endpoint Protection Service (EPS)
  Cisco pxGrid
  Does not include Base services; a Base license is required to install the Plus license.
  Apex
  Subscription (1, 3, or 5 years)
  Third Party Mobile Device Management (MDM)
  Posture Compliance
  Does not include Base or Plus services; a Base license is required to install the Apex license.
  Note   
  When you use Cisco AnyConnect as unified posture agent across wired, wireless, and VPN deployments, you need Cisco AnyConnect Apex user licenses in addition to Cisco ISE Apex licenses.
  Mobility
  Subscription (1, 3, or 5 years)
  Combination of Base, Plus, and Apex for wireless and VPN endpoints
  Cannot coexist on a Cisco Administration node with Base, Plus, and/or Apex Licenses.
  Mobility Upgrade
  Subscription (1, 3, or 5 years)
  Provides wired support to Mobility license
  You can only install a Mobility Upgrade License on top of an existing Mobility license.
  Evaluation
  Temporary (90 days)
  Full Cisco ISE functionality is provided for 100 endpoints.
  All Cisco ISE appliances are supplied with an Evaluation license.