https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217878#M183057 <HTML><HEAD></HEAD><BODY><P>"Ends with" does not appear to be an operator.&nbsp; My choices are EQUALS, NOTEQUALS, GREATERTHAN, LESSTHAN or CONTAINS.&nbsp; I will most likely need to use the EQUALS operator to match on my regular expression, but can't figure out what the proper syntax is to match on first few characters and domain.</P></BODY></HTML> Fri, 03 May 2013 21:32:50 GMT Brian Schultz 2013-05-03T21:32:50Z https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217876#M182958 <P>I'm trying to come up with a profiling condition to match on FQDN.&nbsp; In this particular example, all corporate workstations have the following common FQDN:</P><P></P><P>abcd-machinename.xyz.com</P><P></P><P>I would like to match on everything except the machinename which can be a wildcard.&nbsp; The profiling condition I've attempted to configure is </P><P></P><P>IP:FQDN CONTAINS ^(abcd)*(\.xyz\.com)$</P><P></P><P>I never get any matches on this or any variation that I've tried.&nbsp; When I look at the Endpoint in Identity, I do see the full FQDN as an attribute.</P><P></P><P>Can anyone help me with the correct syntax to match a FQDN in this manner?</P><P></P><P>Thanks,</P><P>Brian</P> Mon, 11 Mar 2019 03:23:34 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217876#M182958 Brian Schultz 2019-03-11T03:23:34Z https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217877#M183007 <HTML><HEAD></HEAD><BODY><P>I think you should use "Ends with" operator against the domain name "xyz.com" instead of using "contains" operator against entire FQDN</P><P></P><P>For more detail, the following link may be helpful:</P><P></P><P><STRONG>Creating a New Authorization Policy</STRONG></P><P><A href="http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_authz_polprfls.html#wp1082656">http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_authz_polprfls.html#wp1082656</A></P><P></P><P>In the above link, review the Note:<STRONG>The "Matches" operator supports and uses regular expressions (REGEX) not wildcards.</STRONG></P><P></P><P>From my understanding, regular expressions can't be used against all operators</P></BODY></HTML> Fri, 03 May 2013 21:22:51 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217877#M183007 askhuran 2013-05-03T21:22:51Z https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217878#M183057 <HTML><HEAD></HEAD><BODY><P>"Ends with" does not appear to be an operator.&nbsp; My choices are EQUALS, NOTEQUALS, GREATERTHAN, LESSTHAN or CONTAINS.&nbsp; I will most likely need to use the EQUALS operator to match on my regular expression, but can't figure out what the proper syntax is to match on first few characters and domain.</P></BODY></HTML> Fri, 03 May 2013 21:32:50 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217878#M183057 Brian Schultz 2013-05-03T21:32:50Z https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217879#M183074 <HTML><HEAD></HEAD><BODY><P>Regardless of&nbsp; <STRONG>Ends With</STRONG> operator, your filter may focus on the domain name xyz.com instead of entire FQDN.</P><P></P><P>Regular expressions pattern varies among different platforms. Writing perfect and precise regex is a tricky method that can't be discussed at forum.</P><P><STRONG>But the best way out is you try these online editors:</STRONG></P><P></P><P><A class="jive-link-external-small" href="http://gskinner.com/RegExr/">http://gskinner.com/RegExr/</A></P><P><A class="jive-link-external-small" href="http://myregexp.com/">http://myregexp.com/</A></P><P><A class="jive-link-external-small" href="http://www.regexplanet.com/">http://www.regexplanet.com/</A></P><P></P><P>You may also search for <STRONG>Regular Expressions Editor / Tester</STRONG></P></BODY></HTML> Fri, 03 May 2013 23:43:07 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217879#M183074 askhuran 2013-05-03T23:43:07Z https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217880#M183113 <HTML><HEAD></HEAD><BODY><P>Hello Brian,</P><P>Upcoming ISE 1.2 which is to be released soon, has the additional operators "Starts With" &amp; "Ends With" operators that will be useful,</P><P></P><P>For DHCP host-name you can use Starts With</P><P>and</P><P>For domain name Ends With</P></BODY></HTML> Fri, 17 May 2013 15:59:59 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217880#M183113 askhuran 2013-05-17T15:59:59Z https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217881#M183152 <HTML><HEAD></HEAD><BODY><P>Thanks Ashok.&nbsp; Until 1.2 gets released, we will use the CONTAINS operator as we discussed over the phone earlier this week.&nbsp; Thanks for your assistance.</P></BODY></HTML> Fri, 17 May 2013 16:20:15 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217881#M183152 Brian Schultz 2013-05-17T16:20:15Z https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217882#M183196 <HTML><HEAD></HEAD><BODY><P>Hi Brian,</P><P></P><P>Just wanted to add what all you discussed so far;</P><P></P><P>A new defect has bee filed on the same topic</P><P><A href="https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&amp;page=bstBugDetail&amp;BugID=CSCug82199" target="_blank">CSCug82199</A>&nbsp;&nbsp;&nbsp; Profiler Conditions Using REGEX as Attribute Value Don't Work Correctly </P><P></P><P><B>Symptom:</B> Profiling condition does not match a REGEX configured in the Attribute Value text box when set to EQUAL the contents</P><P></P><P><B>Conditions:</B> REGEX configured with a wildcard portion in the middle fail the be profiled.</P><P></P><P><B>Workaround:</B> Use a simple text value in the Attribute Value Box matched with the CONTAINS operator.</P><P></P><P></P><P>Jatin Katyal <BR /> - Do rate helpful posts -</P></BODY></HTML> Fri, 17 May 2013 19:58:56 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217882#M183196 Jatin Katyal 2013-05-17T19:58:56Z https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217883#M183239 <HTML><HEAD></HEAD><BODY><P>Hello Jatin,</P><P>At the time of writing this message, the bug detail page is not accessible. Please confirm the URL</P><P></P><P>And I wanted to share my views on the operators' use:</P><P></P><P>Although, ISE does not seem to be functioning in this way but logically EQUALS, GREATER THAN, LESS THAN operators (should) call for mathematical evaluation of the expression, whereas the textual operation, comparison, analysis etc. would require the following operators:</P><P></P><P>MATCHES</P><P>STARTS WITH</P><P>ENDS WITH</P><P>CONTAINS</P><P>DOESNT CONTAIN</P><P>etc.</P><P></P><P>I have also noticed that in earlier ISE versions, FQDN was displayed in hex form with 4 hex digits (3 leading zeros) followed by FQDN name. I shall try to check the raw FQDN value returned in AV pairs. This may be the reason of failure of EQUALS operator</P></BODY></HTML> Sat, 18 May 2013 06:20:46 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-match-on-endpoint-fqdn/m-p/2217883#M183239 askhuran 2013-05-18T06:20:46Z