To get started with endpoint monitoring with Cisco TrustSec, download and install the Cisco TrustSec plugin on Panorama. To correlate the plugin version with the Panorama version, see Panorama Plugins in the Compatibility Matrix.

If you have a Panorama HA configuration, repeat this installation process on each Panorama peer. When installing the plugin on Panorama appliances in an HA pair, install the plugin on the passive peer before the active peer. After installing the plugin on the passive peer, it will transition to a non-functional state. Installing the plugin on the active peer returns the passive peer to a functional state.

If you have a standalone Panorama or two Panorama appliances installed in an HA pair with multiple plugins installed, plugins might not receive updated IP-tag information if one or more of the plugins is not configured. This occurs because Panorama will not forward IP-tag information to unconfigured plugins. Additionally, this issue can occur if one or more of the Panorama plugins is not in the Registered or Success state (positive state differs on each plugin). Ensure that your plugins are in the positive state before continuing or executing the commands described below.

If you encounter this issue, there are two workarounds:

The commands described are not persistent across reboots and must be used again for any subsequent reboots. For Panorama in HA pair, the commands must be executed on each Panorama.