10-26-2023 12:10 AM
Hi,
We have ISE 2.7 patch 9 and it is used for endpoint posturing. For unknown clients posture reduction we have enabled the http and https redirection on Cisco NAD switches.
But now our SOC team has reported an http and https vulnerability and asked us to disable the same.
Please suggest if there is any alternative way for redirection without enabling http & https on NAD switches, or else if there is any way to use http & https without any impact.
10-26-2023 12:16 AM
@wavarevivek1 there are redirectionless posture options, you'd need to predeploy the call home server list to the clients:-
10-26-2023 05:58 AM
On IOS-XE devices that don't require access to the web UI, it is recommended to use the following commands to prevent access to the web UI while still allowing the ISE redirect use cases:
ip http active-session-modules none
ip http secure-active-session-modules none
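An added example, not part of the original reply and not Cisco tooling: a small Python check that reads saved running-config text and reports, for HTTP and HTTPS, whether the server is off, still serving the web UI, or restricted by the two commands above. The sample configs are constructed, and treating a missing `ip http server` / `ip http secure-server` line as "off" is an assumption about how the config was exported.

```python
# Constructed running-config excerpts (not taken from a real device).
SAMPLE_EXPOSED = """\
hostname nad-sw-01
ip http server
ip http secure-server
"""
SAMPLE_HARDENED = """\
hostname nad-sw-02
ip http server
ip http secure-server
ip http active-session-modules none
ip http secure-active-session-modules none
"""

# protocol -> (server enable line, session-modules command from the reply)
CHECKS = {
    "http": ("ip http server", "ip http active-session-modules"),
    "https": ("ip http secure-server", "ip http secure-active-session-modules"),
}


def audit_http_config(config_text):
    """Classify HTTP and HTTPS exposure for one running-config.

    Returns {"http": status, "https": status} where status is
    "off", "web-ui-reachable" or "redirect-only".
    """
    lines = [ln.strip() for ln in config_text.splitlines()]
    result = {}
    for proto, (server_cmd, modules_cmd) in CHECKS.items():
        # Assumption: the server is on only if its enable line appears
        # un-negated ("no ip http server" does not match).
        if server_cmd not in lines:
            result[proto] = "off"
            continue
        # Collect the argument of every session-modules line; last one wins.
        values = [ln[len(modules_cmd):].strip()
                  for ln in lines if ln.startswith(modules_cmd + " ")]
        restricted = bool(values) and values[-1] == "none"
        result[proto] = "redirect-only" if restricted else "web-ui-reachable"
    return result


if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_http_config(cfg))
```

Any switch reported as `web-ui-reachable` has the server enabled without the corresponding `none` setting and is the one to remediate.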
11-06-2023 04:42 PM