Does anyone know a way to bring in an endpoint with the following attributes?
Endpoint Policy Name Static = True
Static Group Assignment Static = True
The 1.2 manual says;
If the file used for import contains endpoints that have their MAC addresses, and their assigned endpoint profiling policy is the static assignment, then they are not re-profiled during import.
To change a dynamic assignment of an endpoint identity group to static, check the Static Group Assignment check box. If the check box is not checked, then the endpoint identity group is dynamic as assigned by the profiler based on policy configuration.
Statically Profiled Endpoints
An endpoint can be profiled statically when you create an endpoint with its MAC address and associate a profile to it along with an endpoint identity group in Cisco ISE. Cisco ISE does not reassign the profiling policy and the identity group for statically assigned endpoints.
A) Does anyone know a way to import from an LDAP database and maintain the Static Group Assignment = True.
I successfully do an LDAP import of the MAC and Endpoint Group (which comes in as True) but the Static Group Assignment has the Endpoint Group Assignment correct but static is false unchecked. I don't want these profiling any more. These are thousands of endpoints and I do not see any way to do a bulk change. I have tried exporting and re-importing but that doesn't really scale.
B) Would creation of an endpoint group that is not part of the Profiled endpoint group change the behavior I see above when I do my LDAP import?
If there were a way to do the bulk selection and change the static property or the Static Group Assignment that would be of huge benefits. The changes apply to the fields selected within the endpoints while maintaining the MAC property of the endpoint.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...