27/09/2020 ISE profiling design guide: profiling services global configuration, probe setup, device integration

Recommended Content

ows, it has visibility into the decrypted HTTPS data.

Even when the HTTP probe is disabled on the PSN, the
node will parse the browser user agent string from the
web trac and correlate the data to the endpoint based
on its associated session ID. When browser strings are
collected through this method, the source of the data is
listed as Guest Portal or CP (Client Provisioning) rather
than HTTP Probe. More details on the HTTP Probe are
provided later in this guide.

Be sure to review the details of each probe in this guide

for guidance on which probes to enable and for what
purpose. In general, it is not recommended to congure
all probes, especially in a production deployment, as this
may result in excessive data collection than is required to
achieve the desired goal.

The Proling Conguration is currently unique to each

PSN. In most deployments, each PSN should be
congured with identical Proler Conguration settings.
A couple exceptions to this general rule include

The pxGrid Probe should be enabled on only a subset

of PSNs, typically no more than two nodes. More
details can be found under the pxGrid Probe section
Specic probes may be applicable to PSNs servicing
particular locations or sections of the network. For
example, if PSNs serving a group of network devices
support Device Sensor, then it may not be necessary
to enable other probes that collect the same set of
attributes. Another example would be to perform
discovery only using the SNMP probes prior to the
enablement of RADIUS at a new location. This would
allow an administrator to gain visibility into the network
prior to any network authentication being congured.
Similarly, it may be desirable to dedicate a node for
data center visibility even though RADIUS-based
authentication is not planned for server farms
https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-profiling-design 1/1