cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
427
Views
0
Helpful
3
Replies

Get HTTP User-Agent with URL redirect where endpoint doesn't see webpage

Josh Morris
Level 3
Level 3

I really want to get the HTTP User-Agent attribute on my endpoints. I understand that the only ways to do that are URL redirect or SPAN. I don't want to do SPAN. 

 

But using the URL redirect doesn't really seem to work for me either because I don't want my endpoints to have a webpage pop up with a prompt just so I can get this one attribute.

 

Am I looking at this the wrong way?

1 Accepted Solution

Accepted Solutions

chyps
Level 1
Level 1

To fetch user agent attribute via redirect, it does need to be redirected to PSN, not external server which would need to have web page interaction. However, you could devise this as a one-time pop.  For example, when profile not fully known due to missing user agent, you could return redirect with a welcome page.  Once user agent learned, that could trigger reprofile and CoA along with new AuthZ policy that does not redirect them.  However, you take the chance that the user agent is enough to reprofile endpoint.  Typically it will get you the device OS version and for mobile, maybe the actual device type.

View solution in original post

3 Replies 3

chyps
Level 1
Level 1

To fetch user agent attribute via redirect, it does need to be redirected to PSN, not external server which would need to have web page interaction. However, you could devise this as a one-time pop.  For example, when profile not fully known due to missing user agent, you could return redirect with a welcome page.  Once user agent learned, that could trigger reprofile and CoA along with new AuthZ policy that does not redirect them.  However, you take the chance that the user agent is enough to reprofile endpoint.  Typically it will get you the device OS version and for mobile, maybe the actual device type.

Thanks Craig. Would the configuration be similar to what you already have listed in the endpoint profile guide? Also, I was hoping to do this without the user seeing any type of splash page, even a click-through. But it sounds like that won't be possible. 

That is pretty much so.

ISE also gets this attribute from the device sensor on WLC and from AnyConnect ISE posture agent.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: