cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

178
Views
0
Helpful
3
Replies
Highlighted
Participant

Get HTTP User-Agent with URL redirect where endpoint doesn't see webpage

I really want to get the HTTP User-Agent attribute on my endpoints. I understand that the only ways to do that are URL redirect or SPAN. I don't want to do SPAN. 

 

But using the URL redirect doesn't really seem to work for me either because I don't want my endpoints to have a webpage pop up with a prompt just so I can get this one attribute.

 

Am I looking at this the wrong way?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

To fetch user agent attribute via redirect, it does need to be redirected to PSN, not external server which would need to have web page interaction. However, you could devise this as a one-time pop.  For example, when profile not fully known due to missing user agent, you could return redirect with a welcome page.  Once user agent learned, that could trigger reprofile and CoA along with new AuthZ policy that does not redirect them.  However, you take the chance that the user agent is enough to reprofile endpoint.  Typically it will get you the device OS version and for mobile, maybe the actual device type.

View solution in original post

3 REPLIES 3
Highlighted
Beginner

To fetch user agent attribute via redirect, it does need to be redirected to PSN, not external server which would need to have web page interaction. However, you could devise this as a one-time pop.  For example, when profile not fully known due to missing user agent, you could return redirect with a welcome page.  Once user agent learned, that could trigger reprofile and CoA along with new AuthZ policy that does not redirect them.  However, you take the chance that the user agent is enough to reprofile endpoint.  Typically it will get you the device OS version and for mobile, maybe the actual device type.

View solution in original post

Highlighted

Thanks Craig. Would the configuration be similar to what you already have listed in the endpoint profile guide? Also, I was hoping to do this without the user seeing any type of splash page, even a click-through. But it sounds like that won't be possible. 

Highlighted

That is pretty much so.

ISE also gets this attribute from the device sensor on WLC and from AnyConnect ISE posture agent.

Content for Community-Ad