topic Jamf Web Redirect ACL in Network Access Control

Jamf Web Redirect ACL

Jason Weids — Mon, 25 Mar 2019 11:31:33 GMT

I am setting up PoC for ISE & Jamf integration following this document;

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_01000.html#ID259

I have imported the certificates & defines the Jamf server which is connected but not sure on what the ACL configuration should be on the WLC for the web_redirect to Jamf registration.

Does anyone have an example of what the ACL should look like?

Re: Jamf Web Redirect ACL

hslai — Mon, 25 Mar 2019 12:46:10 GMT

If using AireOS WLC, only HTTP/HTTPS not permitted in the ACL will get redirected. The ACL needs permit connections to DNS (DHCP implicitly permitted usually), ISE MDM portal (default TCP 8443), MDM enrollment portal, and any connections needed for the MDM enrollment to complete. I have no info specific to JAMF but you should be able to find more info from their support resources. For example,

The Renaissance of NAC with Casper Suite and Cisco ISE | Jamf

Re: Jamf Web Redirect ACL

Jason Weids — Tue, 26 Mar 2019 14:10:09 GMT

My ACL looks like this. Are you saying I need to add a deny all for http/https?

Re: Jamf Web Redirect ACL

Jason Weids — Tue, 26 Mar 2019 14:42:02 GMT

When connecting it is matching the profile & policy for an unregistered device, but shouldn't Jamf return a popup or message saying you need to register your device & give the URL

Re: Jamf Web Redirect ACL

Jason Weids — Tue, 02 Apr 2019 12:57:23 GMT

I have followed all the documentation & still can't get this working.

My unregistered device is hitting the right policy but I am not getting the redirection for the devices to register.

Any help please.

Re: Jamf Web Redirect ACL

beinsports — Tue, 29 Jun 2021 10:26:34 GMT

Jason, did you ever find the solution for this? Having a similar issue.