https://community.cisco.com/t5/network-access-control/ise-with-proxy-server-internet-explorer/m-p/2180377#M137898 <P>Hi guys. </P><P></P><P>I´m implementing a Cisco ISE in customer now and I have the follow state: </P><P></P><P><SPAN style="text-decoration: underline;"><STRONG>AUTHENTICATION</STRONG></SPAN></P><P></P><P>mab &gt; wired_mab OR wireless_mab &gt; default network protocos &gt; internal endpoints</P><P>employee &gt; wired_802.1x OR wireless_802.1x &gt; Radius Server Sequence</P><P>Guest &gt; Default network protocols &gt; internal users.</P><P></P><P><SPAN style="text-decoration: underline;"><STRONG>AUTHORIZATION </STRONG></SPAN></P><P><STRONG><BR /></STRONG></P><P>Guest <STRONG>IF </STRONG>ActivatedGuest <STRONG>Then </STRONG>PermitAccess (vlan L2)</P><P></P><P>employee_wired_wifi&nbsp; <STRONG>IF </STRONG><SPAN style="font-size: 10pt;">Workstation <STRONG>AND </STRONG>(Wireless_802.1X&nbsp; <STRONG>AND </STRONG>Wired_802.1X <STRONG>AND </STRONG>Session:PostureStatus EQUALS Compliant ) </SPAN></P><P><STRONG>then </STRONG>PERMIT_ALL_TRAFFIC</P><P></P><P>employee_pre_compliant <STRONG>IF </STRONG><SPAN style="font-size: 10pt;">Workstation </SPAN><STRONG style="font-size: 10pt;">AND </STRONG><SPAN style="font-size: 10pt;">(Wireless_802.1X&nbsp; </SPAN><STRONG style="font-size: 10pt;">AND </STRONG><SPAN style="font-size: 10pt;">Wired_802.1X </SPAN><STRONG style="font-size: 10pt;">AND </STRONG><SPAN style="font-size: 10pt;">Session:PostureStatus NOT_EQUALS Compliant )</SPAN></P><P></P><P></P><P>And others configurations to Smartphones (android and apple) for example. </P><P></P><P>I configured the CLIENT PROVISIONING like this: </P><P>employee_win <STRONG>IF </STRONG>any <STRONG>AND </STRONG>windows all <STRONG>AND </STRONG>conditions any <STRONG>Then </STRONG>WebAgent 4.9.0.24</P><P></P><P>SO, this configuration permit the scenario bellow:</P><P></P><P>IF employee have NacAgent software installed - <SPAN style="font-size: 10pt;">the communication happens and posture initiate.</SPAN></P><P></P><P>IF employee don´t have the NacAgent, Open Internet Browser and redirect page start to WebAgent provisioning.</P><P></P><P><STRONG>This work</STRONG>.&nbsp; BUT to redirect the user to provisioning URL, I have to disable de proxy configurations in (Settings&gt;Internet Options&gt;Connections&gt;Lan Settings). </P><P></P><P><SPAN style="text-decoration: underline;">There are some kind of configuration that permit the Redirec Provisioning URL with internet proxy configured???</SPAN></P><P></P><P>PS: Also, do not work with I configured the <SPAN style="font-size: 10pt;">ISE </SPAN><SPAN style="font-size: 10pt;">Ip adress in "</SPAN><SPAN style="font-size: 10pt;">proxy exceptions".</SPAN></P><P></P><P></P><P>Best Regards</P> Mon, 11 Mar 2019 03:12:39 GMT Tiago Andrade de Paula 2019-03-11T03:12:39Z https://community.cisco.com/t5/network-access-control/ise-with-proxy-server-internet-explorer/m-p/2180377#M137898 <P>Hi guys. </P><P></P><P>I´m implementing a Cisco ISE in customer now and I have the follow state: </P><P></P><P><SPAN style="text-decoration: underline;"><STRONG>AUTHENTICATION</STRONG></SPAN></P><P></P><P>mab &gt; wired_mab OR wireless_mab &gt; default network protocos &gt; internal endpoints</P><P>employee &gt; wired_802.1x OR wireless_802.1x &gt; Radius Server Sequence</P><P>Guest &gt; Default network protocols &gt; internal users.</P><P></P><P><SPAN style="text-decoration: underline;"><STRONG>AUTHORIZATION </STRONG></SPAN></P><P><STRONG><BR /></STRONG></P><P>Guest <STRONG>IF </STRONG>ActivatedGuest <STRONG>Then </STRONG>PermitAccess (vlan L2)</P><P></P><P>employee_wired_wifi&nbsp; <STRONG>IF </STRONG><SPAN style="font-size: 10pt;">Workstation <STRONG>AND </STRONG>(Wireless_802.1X&nbsp; <STRONG>AND </STRONG>Wired_802.1X <STRONG>AND </STRONG>Session:PostureStatus EQUALS Compliant ) </SPAN></P><P><STRONG>then </STRONG>PERMIT_ALL_TRAFFIC</P><P></P><P>employee_pre_compliant <STRONG>IF </STRONG><SPAN style="font-size: 10pt;">Workstation </SPAN><STRONG style="font-size: 10pt;">AND </STRONG><SPAN style="font-size: 10pt;">(Wireless_802.1X&nbsp; </SPAN><STRONG style="font-size: 10pt;">AND </STRONG><SPAN style="font-size: 10pt;">Wired_802.1X </SPAN><STRONG style="font-size: 10pt;">AND </STRONG><SPAN style="font-size: 10pt;">Session:PostureStatus NOT_EQUALS Compliant )</SPAN></P><P></P><P></P><P>And others configurations to Smartphones (android and apple) for example. </P><P></P><P>I configured the CLIENT PROVISIONING like this: </P><P>employee_win <STRONG>IF </STRONG>any <STRONG>AND </STRONG>windows all <STRONG>AND </STRONG>conditions any <STRONG>Then </STRONG>WebAgent 4.9.0.24</P><P></P><P>SO, this configuration permit the scenario bellow:</P><P></P><P>IF employee have NacAgent software installed - <SPAN style="font-size: 10pt;">the communication happens and posture initiate.</SPAN></P><P></P><P>IF employee don´t have the NacAgent, Open Internet Browser and redirect page start to WebAgent provisioning.</P><P></P><P><STRONG>This work</STRONG>.&nbsp; BUT to redirect the user to provisioning URL, I have to disable de proxy configurations in (Settings&gt;Internet Options&gt;Connections&gt;Lan Settings). </P><P></P><P><SPAN style="text-decoration: underline;">There are some kind of configuration that permit the Redirec Provisioning URL with internet proxy configured???</SPAN></P><P></P><P>PS: Also, do not work with I configured the <SPAN style="font-size: 10pt;">ISE </SPAN><SPAN style="font-size: 10pt;">Ip adress in "</SPAN><SPAN style="font-size: 10pt;">proxy exceptions".</SPAN></P><P></P><P></P><P>Best Regards</P> Mon, 11 Mar 2019 03:12:39 GMT https://community.cisco.com/t5/network-access-control/ise-with-proxy-server-internet-explorer/m-p/2180377#M137898 Tiago Andrade de Paula 2019-03-11T03:12:39Z