addIdentityServicesEngine
The addIdentityServicesEngine operation handles configuration related to the IdentityServicesEngine model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
Parameter | Required | Type | Description
---|---|---|---
name | True | string | Name of the Identity Services Engine (ISE) configuration
description | False | string | A small description of the Identity Service Engine configuration. Field level constraints: length must be between 0 and 200 (inclusive), must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
ftdCertificate | True | object | The internal certificate that the system must provide to Identity Services Engine (ISE) when connecting to ISE or when performing bulk downloads. Field level constraints: cannot be null. (Note: Additional constraints might exist) Allowed types are: [InternalCertificate]
pxGridCertificate | True | object | The trusted CA certificate for the pxGrid framework. If your deployment includes a primary and a secondary pxGrid node, the CA certificates for both nodes must be signed by the same certificate authority. Field level constraints: cannot be null. (Note: Additional constraints might exist) Allowed types are: [ExternalCACertificate]
mntCertificate | True | object | The trusted CA certificate for the MNT server in the Identity Services Engine (ISE) deployment. If your deployment includes a primary and a secondary MNT node, the CA certificates for both nodes must be signed by the same certificate authority. Field level constraints: cannot be null. (Note: Additional constraints might exist) Allowed types are: [ExternalCACertificate]
iseNetworkFilters | False | [object] | An optional list of network objects. If you define a network filter, Identity Services Engine (ISE) reports user activity on the specified networks only. The system receives no information from ISE for any other networks. Allowed types are: [NetworkObject, NetworkObjectGroup]
enabled | True | boolean | A boolean that specifies whether the Identity Services Engine (ISE) configuration is enabled. Values are true (enabled) or false (disabled). Field level constraints: cannot be null. (Note: Additional constraints might exist)
primaryIseServer | False | string | The address of the primary Identity Services Engine (ISE) server
secondaryIseServer | False | string | If you are using a high availability (HA) configuration for the primary Identity Services Engine (ISE) server, the address of the secondary Identity Services Engine (ISE) server
type | True | string | identityservicesengine
Example
- name: Execute 'addIdentityServicesEngine' operation
  ftd_configuration:
    operation: "addIdentityServicesEngine"
    data:
      name: "{{ name }}"
      description: "{{ description }}"
      ftdCertificate: "{{ ftd_certificate }}"
      pxGridCertificate: "{{ px_grid_certificate }}"
      mntCertificate: "{{ mnt_certificate }}"
      iseNetworkFilters: "{{ ise_network_filters }}"
      enabled: "{{ enabled }}"
      primaryIseServer: "{{ primary_ise_server }}"
      secondaryIseServer: "{{ secondary_ise_server }}"
      type: "{{ type }}"
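
The field constraints in the parameter table can be checked locally before the task is run, so that a wrong certificate type or a malformed description is caught before the request is sent. The following Python check is an added example, not part of the original page or of the FTD Ansible modules; the function names, the sample payload, and the assumption that each referenced object is a dict carrying its model name in a `type` key are illustrative.

```python
import re

# Constraints transcribed from the parameter table on this page.
REQUIRED = ("name", "ftdCertificate", "pxGridCertificate",
            "mntCertificate", "enabled", "type")
CERT_TYPES = {  # field -> allowed model type of the referenced object
    "ftdCertificate": {"internalcertificate"},
    "pxGridCertificate": {"externalcacertificate"},
    "mntCertificate": {"externalcacertificate"},
}
FILTER_TYPES = {"networkobject", "networkobjectgroup"}
DESCRIPTION_RE = re.compile(r"^((?!;).)*$")  # i.e. no ';' anywhere

def ref_type(obj):
    # Assumption: a referenced object is a dict carrying its model name in
    # "type"; compared case-insensitively against the table's type names.
    return str(obj.get("type", "")).lower() if isinstance(obj, dict) else ""

def validate_ise_payload(data):
    """Return a list of problems; an empty list means every check passed."""
    errors = [f"{f}: required, cannot be null"
              for f in REQUIRED if data.get(f) is None]
    desc = data.get("description")
    if desc is not None:
        if len(desc) > 200:
            errors.append("description: longer than 200 characters")
        if not DESCRIPTION_RE.fullmatch(desc):
            errors.append("description: does not match ^((?!;).)*$")
    for field, allowed in CERT_TYPES.items():
        ref = data.get(field)
        if ref is not None and ref_type(ref) not in allowed:
            errors.append(f"{field}: referenced object type not allowed")
    for i, ref in enumerate(data.get("iseNetworkFilters") or []):
        if ref_type(ref) not in FILTER_TYPES:
            errors.append(f"iseNetworkFilters[{i}]: type not allowed")
    if data.get("enabled") is not None and not isinstance(data["enabled"], bool):
        errors.append("enabled: must be a boolean")
    if data.get("type") not in (None, "identityservicesengine"):
        errors.append("type: must be 'identityservicesengine'")
    return errors

# Constructed sample payload (object names are placeholders).
SAMPLE = {
    "name": "ise-lab", "description": "Lab ISE integration",
    "ftdCertificate": {"name": "ftd-internal", "type": "internalcertificate"},
    "pxGridCertificate": {"name": "pxgrid-ca", "type": "externalcacertificate"},
    "mntCertificate": {"name": "mnt-ca", "type": "externalcacertificate"},
    "enabled": True, "type": "identityservicesengine",
}
```

The table notes that additional constraints might exist, so a payload that passes these checks can still be rejected by the device.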