
Jamf Web Redirect ACL

Jason Weids
Level 1

I am setting up a PoC for ISE & Jamf integration following this document:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_01000.html#ID259

I have imported the certificates & defined the Jamf server, which is connected, but I am not sure what the ACL configuration should be on the WLC for the web_redirect to Jamf registration.

Does anyone have an example of what the ACL should look like?

5 Replies

hslai
Cisco Employee

If using AireOS WLC, only HTTP/HTTPS not permitted in the ACL will get redirected. The ACL needs to permit connections to DNS (DHCP implicitly permitted usually), ISE MDM portal (default TCP 8443), MDM enrollment portal, and any connections needed for the MDM enrollment to complete. I have no info specific to JAMF but you should be able to find more info from their support resources. For example,

The Renaissance of NAC with Casper Suite and Cisco ISE | Jamf
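
An added example, not part of the original thread and not Cisco or Jamf code: a small Python model of the redirect rule described in the reply above (permitted traffic bypasses the redirect, HTTP/HTTPS that is not permitted is redirected), used to audit a candidate ACL. All addresses, the enrollment port 443 and the names `Permit`, `Flow`, `classify` and `audit` are constructed for illustration, and only the client-to-server direction is modelled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Permit(NamedTuple):      # one permit entry of the redirect ACL (hypothetical model)
    proto: str                 # "tcp" or "udp"
    dst: str                   # destination network, CIDR
    port: Optional[int]        # destination port, None = any

class Flow(NamedTuple):        # one client-to-server connection attempt
    name: str
    proto: str
    dst: str
    port: int

def classify(acl, flow):
    """'permit' if an entry matches, 'redirect' for unpermitted HTTP/HTTPS, else 'no-match'."""
    addr = ipaddress.ip_address(flow.dst)
    for rule in acl:
        if (rule.proto == flow.proto and addr in ipaddress.ip_network(rule.dst)
                and rule.port in (None, flow.port)):
            return "permit"
    if flow.proto == "tcp" and flow.port in (80, 443):
        return "redirect"
    return "no-match"

def audit(acl, required, probe):
    """List required enrollment flows lacking a permit, and what happens to a web probe."""
    missing = [f.name for f in required if classify(acl, f) != "permit"]
    return {"missing_permits": missing, "probe": classify(acl, probe)}

# Constructed sample data (documentation address ranges, not from the thread).
REQUIRED = [Flow("dns", "udp", "192.0.2.53", 53),
            Flow("ise-mdm-portal", "tcp", "192.0.2.10", 8443),    # default port per the reply
            Flow("mdm-enrollment", "tcp", "198.51.100.20", 443)]  # port is an assumption
PROBE = Flow("http-probe", "tcp", "203.0.113.80", 80)             # arbitrary web request

ACL_OK = [Permit("udp", "192.0.2.53/32", 53),
          Permit("tcp", "192.0.2.10/32", 8443),
          Permit("tcp", "198.51.100.20/32", 443)]
ACL_TOO_BROAD = ACL_OK + [Permit("tcp", "0.0.0.0/0", None)]  # permits all TCP: nothing is redirected
ACL_INCOMPLETE = ACL_OK[:2]                                   # enrollment portal not permitted

if __name__ == "__main__":
    for name, acl in [("ok", ACL_OK), ("too-broad", ACL_TOO_BROAD), ("incomplete", ACL_INCOMPLETE)]:
        print(name, audit(acl, REQUIRED, PROBE))
```

A probe result of `permit` means ordinary web traffic bypasses the redirect, and a non-empty `missing_permits` list means a flow that enrollment depends on is not permitted.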

My ACL looks like this. Are you saying I need to add a deny all for http/https?

Capture.PNG

When connecting, it is matching the profile & policy for an unregistered device, but shouldn't Jamf return a popup or message saying you need to register your device & give the URL?

policy.PNG

profile.PNG

I have followed all the documentation & still can't get this working. 

My unregistered device is hitting the right policy but I am not getting the redirection for the devices to register.

Any help please.

beinsports
Level 1

Jason, did you ever find the solution for this? Having a similar issue.