https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4452841#M569192 <P>From my standpoint, this is a guest access, meaning that it will happen only for guest users. It also means that it will happen only upon initial connection, so it is not like users are connected all the time to this guest portal. If you want to achieve load-balancing, you could achieve it via WiFi setup, instructing WLC to use all configured AAA servers for this SSID, which should effectivelly achive te same - WLC would send requests to both PSNs. PSNs would then reply, each with their own FQDN.</P><P>You could also look into imeplementing 'sleeping clients' approach, so that you actually cache some users, for certain perion, and not to prompt them for authentication, each time they step away from WiFi.</P><P>Placing ISE behind LB is not same like placing standard Web server behind LB. Reason for that is that LB can't just overwrite IP header, but it needs to modify the RADIUS content as well. This is why that guide is relevant, if you still want to proceed with it. For me personally, it looks like too much effort, without actually gaining much.</P><P>BR,</P><P>Milos</P> Sat, 21 Aug 2021 10:44:10 GMT Milos_Jovanovic 2021-08-21T10:44:10Z https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4451925#M569146 <P>&nbsp;Hi to everyone,</P><P>&nbsp;</P><P>my question is simple. Is it possible to do without problem assign to a guest-portal a static fqdn that point to the VIP F5 address? In order to balance the load trought F5? between two PSN.</P><P>(behind this F5 we have all PSN that provide the portal page)</P><P>&nbsp;</P><P>thank you</P> Thu, 19 Aug 2021 15:28:07 GMT https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4451925#M569146 Fabio885 2021-08-19T15:28:07Z https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4452091#M569154 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1019118">@Fabio885</a>,</P><P>Yes, it is possible to assign static IP or FQDN as part of authorization profile on ISE.</P><P>However, placing ISE behind load-balancer is not that straight forward, and it must not be done as on standard Web servers. Please take a look at this <A href="https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159" target="_self">design guide</A>, in order to understand how ISE can be placed behind LB for RADIUS service.</P><P>If I may ask, what is your driver for doing this for Guest portal? What are you looking to achieve with this?</P><P>BR,</P><P>Milos</P> Thu, 19 Aug 2021 20:49:53 GMT https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4452091#M569154 Milos_Jovanovic 2021-08-19T20:49:53Z https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4452418#M569177 <P>Thank you for replying.</P><P>&nbsp;</P><P>Sorry, what do you mean with "driver"?</P><P>&nbsp;</P><P>btw i need to investigate on "400Bad request".&nbsp;</P><P>&nbsp;</P> Fri, 20 Aug 2021 12:41:20 GMT https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4452418#M569177 Fabio885 2021-08-20T12:41:20Z https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4452452#M569179 <P>Why do you want to place Guest portal behind LB?</P><P>BR,</P><P>Milos</P> Fri, 20 Aug 2021 13:45:40 GMT https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4452452#M569179 Milos_Jovanovic 2021-08-20T13:45:40Z https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4452465#M569180 <P>We need a LB because we have 2 psn for site. Are sites many populated with multiple office and we want to balance the load.</P> Fri, 20 Aug 2021 13:58:51 GMT https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4452465#M569180 Fabio885 2021-08-20T13:58:51Z https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4452841#M569192 <P>From my standpoint, this is a guest access, meaning that it will happen only for guest users. It also means that it will happen only upon initial connection, so it is not like users are connected all the time to this guest portal. If you want to achieve load-balancing, you could achieve it via WiFi setup, instructing WLC to use all configured AAA servers for this SSID, which should effectivelly achive te same - WLC would send requests to both PSNs. PSNs would then reply, each with their own FQDN.</P><P>You could also look into imeplementing 'sleeping clients' approach, so that you actually cache some users, for certain perion, and not to prompt them for authentication, each time they step away from WiFi.</P><P>Placing ISE behind LB is not same like placing standard Web server behind LB. Reason for that is that LB can't just overwrite IP header, but it needs to modify the RADIUS content as well. This is why that guide is relevant, if you still want to proceed with it. For me personally, it looks like too much effort, without actually gaining much.</P><P>BR,</P><P>Milos</P> Sat, 21 Aug 2021 10:44:10 GMT https://community.cisco.com/t5/network-access-control/static-fqdn-for-portal-with-f5/m-p/4452841#M569192 Milos_Jovanovic 2021-08-21T10:44:10Z