10-21-2021 05:58 PM
Is it possible to use TCP port 443 for the ISE guest portals (hotspot, self-register, etc.)? Typically the port range for guest portals is TCP/8000-8999 (default port is TCP/8443). If not, is there a way to make it work, without, say, using a load-balancer to proxy port 443 on the frontend to 8443 on the backend?
10-21-2021 06:41 PM
No, the ISE nodes cannot be configured to listen for Portal traffic on TCP/443. Only the valid port range of 8000-8999 can be configured for the Portals as per the Admin Guide and UI.
You would have to use a proxy, LB, FW, etc. in front of the PSN to port forward TCP/443 to TCP/8443 (for example), but I'm not sure why that would need to be done.
10-21-2021 06:45 PM
Thanks for the confirmation. This is for a particular use case where guest traffic on port 443 is only allowed.
10-21-2021 06:55 PM
You might need to delve into the requirement a bit more to determine what the justification is. The connection is still HTTPS, so it provides the same level of security.
Even with another device in front to port forward, this would be difficult to accomplish as the port is sent in the URL redirect from ISE to the NAD, which then presents it to the client. You would have to intercept the RADIUS session between ISE and the NAD and rewrite the redirect URL that the NAD would then push to the client.
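The point in the last reply, that the portal port travels inside the redirect URL the NAD hands to the client, can be checked against a guest firewall policy. The following is an added example, not part of the original thread or Cisco's code; the `cisco-av-pair` / `url-redirect` attribute layout, host name, and session ID are constructed sample values used as assumptions.

```python
from urllib.parse import urlsplit

# Valid ISE portal port range as stated in the thread (TCP/8000-8999).
PORTAL_PORT_RANGE = range(8000, 9000)

# Constructed sample: authorization attributes a NAD might receive from ISE.
# Attribute names and the URL layout are assumptions for illustration.
SAMPLE_ATTRIBUTES = [
    ("cisco-av-pair", "url-redirect-acl=GUEST_REDIRECT"),
    ("cisco-av-pair",
     "url-redirect=https://psn1.example.com:8443/portal/gateway"
     "?sessionId=0a0a0a0a0001&action=cwa"),
]

def redirect_urls(attributes):
    """Yield the URL from every url-redirect attribute-value pair."""
    for name, value in attributes:
        key, sep, rest = value.partition("=")
        if name.lower() == "cisco-av-pair" and sep and key == "url-redirect":
            yield rest

def check_redirect(url, allowed_guest_ports):
    """Report the port the client will be told to connect to."""
    parts = urlsplit(url)
    # No explicit port means the scheme default applies.
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return {
        "host": parts.hostname,
        "port": port,
        "in_portal_range": port in PORTAL_PORT_RANGE,
        "reachable_by_guest": port in allowed_guest_ports,
    }

def audit(attributes, allowed_guest_ports):
    """Check every redirect URL against the guest egress policy."""
    return [check_redirect(u, allowed_guest_ports)
            for u in redirect_urls(attributes)]

if __name__ == "__main__":
    # Guest policy from the thread: only TCP/443 is allowed.
    for result in audit(SAMPLE_ATTRIBUTES, {443}):
        print(result)
```

With a 443-only guest policy the sample redirect is reported as unreachable, which is why a port forward in front of the PSN does not help on its own: the client is still sent to the port named in the URL.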