05-14-2019 02:31 PM
Hello all,
I wanted to pose this question to the community to see what kind of feedback I'd get. I understand that the recommended solution for multiple PSNs is to place them behind a load balancer. However, are there any downsides or potential problems I could run into by doing so? Things I have in mind are advanced features such as using SGTs, pxGrid, and any other feature that is known to be an issue when used behind a load balancer. I'm asking specifically for version 2.3 or later.
Your feedback is greatly appreciated!
Terence
05-14-2019 03:29 PM
05-15-2019 02:31 PM
The result of a non-static FQDN, the URL is https://ip:port/... so the client device will see https://ise-box-01.internal.org:8443?fhfhkshfs etc - at that point you're snookered because the cert that ISE presents to the user will not contain .internal.org (or at least, no public CA will make a cert for you using that private domain). This is why you need to perform the "translation" of internal domain to public domain using the static override in the AuthZ.
I hope that makes sense :)
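The name mismatch described in the reply above can be checked before rollout. The following is an added example, not part of the original thread and not Cisco code: it tests whether the hostname in a portal redirect URL is covered by the DNS names on the portal certificate. The SAN list, the `guest.example.com` name and the URL paths are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def host_matches_san(host: str, san: str) -> bool:
    """RFC 6125-style match: a wildcard covers exactly one leftmost label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return host == san


def redirect_is_covered(redirect_url: str, dns_sans: list) -> bool:
    """True if the redirect URL's hostname is covered by a DNS-type SAN."""
    host = urlsplit(redirect_url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal, so compare it against the DNS names.
        return any(host_matches_san(host, san) for san in dns_sans)
    # An IP literal in the URL never matches a DNS-type SAN.
    return False


# Constructed sample data: SANs a public CA could issue for a public domain.
PORTAL_CERT_SANS = ["guest.example.com"]

# Constructed redirect URLs: PSN's own internal FQDN, a bare IP, and the
# public name substituted by a static hostname override.
SAMPLE_REDIRECTS = [
    "https://ise-box-01.internal.org:8443/portal?session=constructed",
    "https://10.0.0.15:8443/portal?session=constructed",
    "https://guest.example.com:8443/portal?session=constructed",
]

if __name__ == "__main__":
    for url in SAMPLE_REDIRECTS:
        verdict = "ok" if redirect_is_covered(url, PORTAL_CERT_SANS) else "MISMATCH"
        print(f"{verdict:8} {url}")
```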