https://community.cisco.com/t5/network-access-control/temporal-agent-posture-questions/m-p/3858971#M472999 <P>Thanks for the response.</P><P>1. I will check our WLC session and idle timeout settings and see if it behaves accordingly.&nbsp;</P><P>2. Actually we had to disabled captive portal for mac osx mojave byod as it wasn't working properly and throwing some errors. I guess its a no then.</P><P>3. Strange, because I have tested sites like bbc.com and yahoo.com which are https and these urls have triggered redirect on some occasions. Regarding https redirect I read this <A href="https://community.cisco.com/t5/identity-services-engine-ise/ise-guest-cwa-and-https-redirection/td-p/3583892" target="_self">discussion</A> and it doesn't seem to be recommended?</P><P>4. Ok.</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 19 May 2019 15:16:00 GMT Madura Malwatte 2019-05-19T15:16:00Z https://community.cisco.com/t5/network-access-control/temporal-agent-posture-questions/m-p/3857509#M472996 <P>ISE 2.3 patch 5</P><P>I am trying to clarify a few things with Temporal Agent. This is for wireless dual byod. Some answers were provided here but its not really clear -&nbsp;<A href="https://community.cisco.com/t5/identity-services-engine-ise/byod-posture-temporal-agent-how-to-become-compliant-after-non/td-p/3793880" target="_blank" rel="noopener">https://community.cisco.com/t5/identity-services-engine-ise/byod-posture-temporal-agent-how-to-become-compliant-after-non/td-p/3793880</A></P><P>1. Once posture check is done via temporal agent, when will a user be required to do posture again? Is there a timer or does the web browser windows need to be closed and have no activity for a certain time? Or is it solely dependent on the wireless controller idle timeout?</P><P>2. Is there a way to force browser to pop up with redirect (once connected on the secure ssid) instead of having the user manually enter a url before the redirect happens?&nbsp;</P><P>3. In some instances when a url is entered in the browser window, the redirect for posture check does not happen. Instead it looks like nothing happens. I can reload the same page multiple times and nothing. Other url's work fine first go. Has anyone noticed this before, is it purely browser related?</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2019-05-14 at 3.32.35 pm.jpg" style="width: 396px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/36812iACFC10DAC1F74061/image-dimensions/396x272?v=v2" width="396" height="272" role="button" title="Screen Shot 2019-05-14 at 3.32.35 pm.jpg" alt="Screen Shot 2019-05-14 at 3.32.35 pm.jpg" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2019-05-14 at 3.41.51 pm.jpg" style="width: 398px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/36814i5DFECC198636CCC3/image-dimensions/398x236?v=v2" width="398" height="236" role="button" title="Screen Shot 2019-05-14 at 3.41.51 pm.jpg" alt="Screen Shot 2019-05-14 at 3.41.51 pm.jpg" /></span></P><P>4. Once a device is enrolled, is it indefinite? Until of course the device is deleted or un-enrolled?</P> Thu, 16 May 2019 13:02:58 GMT https://community.cisco.com/t5/network-access-control/temporal-agent-posture-questions/m-p/3857509#M472996 Madura Malwatte 2019-05-16T13:02:58Z https://community.cisco.com/t5/network-access-control/temporal-agent-posture-questions/m-p/3857897#M472998 <P>On 1, the posture compliance status is per network session, so it depends how a network session is terminated. IIRC Cisco WLC by default has a 30-minute session timeout and it terminates the session after that interval. It also has idle timeout so that the session is terminated if there is no network connectivity; e.g. the endpoint moved outside of the coverage area.</P> <P>On 2, some client OS has a captive portal or wall-garden and uses a mini-browser. Unfortunately, such browsers tend to limited in supporting javascript or multi-page navigation. If your deployment is using client operating systems with good support, then you may test them out.</P> <P>On 3, that is due to HTTPS pages. Redirecting on HTTPS has some drawbacks: (1) it might impact performance (2) we will get hostname mismatch errors during the redirect. If you would like to try, see&nbsp;<SPAN><A href="https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/118826-config-https-webauth-00.html" target="_blank">Configure HTTPS Redirect over Web-auth - Cisco</A></SPAN></P> <P>On 4, correct.</P> Thu, 16 May 2019 21:27:47 GMT https://community.cisco.com/t5/network-access-control/temporal-agent-posture-questions/m-p/3857897#M472998 hslai 2019-05-16T21:27:47Z https://community.cisco.com/t5/network-access-control/temporal-agent-posture-questions/m-p/3858971#M472999 <P>Thanks for the response.</P><P>1. I will check our WLC session and idle timeout settings and see if it behaves accordingly.&nbsp;</P><P>2. Actually we had to disabled captive portal for mac osx mojave byod as it wasn't working properly and throwing some errors. I guess its a no then.</P><P>3. Strange, because I have tested sites like bbc.com and yahoo.com which are https and these urls have triggered redirect on some occasions. Regarding https redirect I read this <A href="https://community.cisco.com/t5/identity-services-engine-ise/ise-guest-cwa-and-https-redirection/td-p/3583892" target="_self">discussion</A> and it doesn't seem to be recommended?</P><P>4. Ok.</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 19 May 2019 15:16:00 GMT https://community.cisco.com/t5/network-access-control/temporal-agent-posture-questions/m-p/3858971#M472999 Madura Malwatte 2019-05-19T15:16:00Z