https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5325473#M597990 <P>I used OnConnect script (need to be enabled in anyconnect profile to work) that opens http://<SPAN>enroll.cisco.com, IP&nbsp;72.163.1.80 is configured in split tunnel ACL, and redirect ACL catches it. But, I used this only for external partners &amp; temporary agent. For employees it's better if you preprovision ISEPosture.cfg file and ISE posture agent, and configure ISE hosts in cfg file, then posture client knows where are ISE hosts and can connect to them without browser redirection.</SPAN></P> <P>&nbsp;</P> Fri, 29 Aug 2025 07:02:50 GMT smilic 2025-08-29T07:02:50Z https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5282333#M596938 <P>When I connect to my VPN headend (FTD 7.2.9) I make it through authentication and authorization. ISE recognizes my host as "Posture Unknown", but no browser pops-up automatically with the Client Provisioning Portal. If I open a browser and navigate to an http site, redirection works.</P><P>The redirect ACL name is exactly the same on the FTD and in the ISE Authorization Policy.</P><P>The redirection ACL denies DNS, DHCP and ISE from redirection and permits all else.</P><P>Packet capture shows host never attempts to access an http site over my VPN tunnel, which I suppose is the reason the automatic redirect doesn't work.</P><P>I have seen more than one video that demonstrates the browser automatically launching after the VPN connection is established.</P><P><BR />Any help will be greatly appreciated.</P> Thu, 17 Apr 2025 13:11:05 GMT https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5282333#M596938 Danny Dulin 2025-04-17T13:11:05Z https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5325473#M597990 <P>I used OnConnect script (need to be enabled in anyconnect profile to work) that opens http://<SPAN>enroll.cisco.com, IP&nbsp;72.163.1.80 is configured in split tunnel ACL, and redirect ACL catches it. But, I used this only for external partners &amp; temporary agent. For employees it's better if you preprovision ISEPosture.cfg file and ISE posture agent, and configure ISE hosts in cfg file, then posture client knows where are ISE hosts and can connect to them without browser redirection.</SPAN></P> <P>&nbsp;</P> Fri, 29 Aug 2025 07:02:50 GMT https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5325473#M597990 smilic 2025-08-29T07:02:50Z https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5326785#M598033 <P>Have you looked at redirectionless posture instead? Also why 7.2.9 and not something newer?</P> Wed, 03 Sep 2025 12:05:18 GMT https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5326785#M598033 ahollifield 2025-09-03T12:05:18Z https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5326795#M598035 <P>No I haven't looked at <SPAN>redirectionless&nbsp;</SPAN> posture.<BR /><BR />7.2.9 because we still have Firepower 4110's that are incompatible with anything above 7.2. Moving away from these in the future.</P> Wed, 03 Sep 2025 12:37:19 GMT https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5326795#M598035 Danny Dulin 2025-09-03T12:37:19Z https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5326804#M598036 <P>Got it, I would highly recommend looking at redirectionless posture instead. It's a much better user experience.</P> <P><A href="https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/firepower-4110-series-security-appliances-eol.html" target="_blank">https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/firepower-4110-series-security-appliances-eol.html</A></P> Wed, 03 Sep 2025 12:51:27 GMT https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5326804#M598036 ahollifield 2025-09-03T12:51:27Z https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5326807#M598037 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot (322).png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/251324i18617E359A047995/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot (322).png" alt="Screenshot (322).png" /></span><BR />check posture in client side</P> <P>MHM</P> Wed, 03 Sep 2025 12:55:21 GMT https://community.cisco.com/t5/network-access-control/ise-posture-automatic-redirection-to-client-provisioning-portal/m-p/5326807#M598037 MHM Cisco World 2025-09-03T12:55:21Z