Hello,
I have ISE nodes and I enabled web portal access for my devices portal. Per the Cisco ISE ports reference document, the needed ports are TCP/8000-8999, HTTPS, and TCP/25
The problem is:
1) Allowing HTTPS in the firewall will allow the end users to get into the login page of the ISE nodes. However, by blocking the HTTPS port only, the end users no more get access to the web portal access.
2) allowing monitoring police service ISE node only, allowing the end users to get into the web portal access but after a minute
What is Cisco's recommendation to protect getting access to the ISE nodes but allowing users to get into web portal access?
Thanks