Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4333
Views
0
Helpful
7
Replies

How do I query the Sponsor Portal FQDN to the DNS server?

Go to solution
JustTakeTheFirstStep
Level 4
Level 4

‎01-20-2020 06:26 PM

We are running a Window DNS server.

How do I query the Sponsor Portal FQDN to the DNS server?

 

KakaoTalk_20200121_104013743.png

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to JustTakeTheFirstStep

‎01-21-2020 10:26 PM

This setting allows you to configure a 'Friendly FQDN' for the Sponsor Portal. When configured, ISE will automatically redirect any http/https requests using this FQDN to the respective portal ID for the Sponsor Portal.

 

For example:

ISE node hostname is 'ise.site.local'

You can configure a Friendly FQDN of 'sponsor.site.local'. This FQDN would be communicated to your end users and they would type that URL (http://sponsor.site.local or https://sponsor.site.local; no port number required) to access the Sponsor Portal.

 

This requires that you configure a record on your DNS server for 'sponsor.site.local' with the IP address of the ISE PSN (or LB VIP, or DNS round robin; depending on your architecture) so the users can resolve it.

You also need to ensure this Friendly FQDN is included in the SAN field for your portal certificate, or your users will get a certificate warning.

 

For more information on Guest Access, see the ISE Guest Access Prescriptive Deployment Guide 

 

Cheers,

Greg

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-20-2020 07:07 PM

Hi

I'm not sure i understand your question.
Let's assume your ise server is named ise.company.com.
If you want to access the sponsor portal, you should put a long url with portal id... By setting this field, you can put sponsor.company.com and a client will resolve this fqdn with your ise ip related to the ise nic attached to this portal. In your example dns must return gig0 ip of ise.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
JustTakeTheFirstStep
Level 4
Level 4
In response to Francesco Molino

‎01-21-2020 09:55 PM

Thank you for your answers.

But I still don't know how to enter the FQDN of the Sponsor Portal.

ISE's FQDN is ns.ise.com.

If you change the FQDN of the sponsor portal to sponsor.ise.com, "Site is not reachable"

I think we should set it up so that we can query it on the DNS server.

But I don't know what to do.

ISEip:8445/sponsorportal/PortalSetup.action?portal=274a95f0-2e58-11e9-98fb-0050568775a3

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to JustTakeTheFirstStep

‎01-21-2020 10:26 PM

This setting allows you to configure a 'Friendly FQDN' for the Sponsor Portal. When configured, ISE will automatically redirect any http/https requests using this FQDN to the respective portal ID for the Sponsor Portal.

 

For example:

ISE node hostname is 'ise.site.local'

You can configure a Friendly FQDN of 'sponsor.site.local'. This FQDN would be communicated to your end users and they would type that URL (http://sponsor.site.local or https://sponsor.site.local; no port number required) to access the Sponsor Portal.

 

This requires that you configure a record on your DNS server for 'sponsor.site.local' with the IP address of the ISE PSN (or LB VIP, or DNS round robin; depending on your architecture) so the users can resolve it.

You also need to ensure this Friendly FQDN is included in the SAN field for your portal certificate, or your users will get a certificate warning.

 

For more information on Guest Access, see the ISE Guest Access Prescriptive Deployment Guide 

 

Cheers,

Greg

0 Helpful

Go to solution
JustTakeTheFirstStep
Level 4
Level 4
In response to Greg Gibbs

‎01-21-2020 10:28 PM

Thank you.
I created Sponsor.domain.com on the DNS server with the same record as the ISE IP and succeeded in defining the Sponsor potal FQDN.
0 Helpful

Go to solution
kaushalparab
Level 1
Level 1
In response to Greg Gibbs

‎03-26-2020 11:16 PM

Hi Greg,

 

My sponsor portal URL is very log when i click on - "portal test url"

 

https://172.x.x.x:8445/sponsorportal/PortSetup.action?portal=40963c00-2e02-11e8-xsse-re24dd29384729237

 

After giving FQDN for example like -  http://sponsor.site.local to 172.x.x.x:8445 then how to about rest of the url which is sponsorportal/PortSetup.action?portal=40963c00-2e02-11e8-xsse-re24dd29384729237?  i want to hide this long url part else after FQDN url will be like below.

 

http://sponsor.site.local /sponsorportal/PortSetup.action?portal=40963c00-2e02-11e8-xsse-re24dd29384729237

 

Is it posible to reduce the url length? and only keep it to http://sponsor.site.local ?  i really need this uregent, appreicate your response. 

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to kaushalparab

‎03-29-2020 03:11 PM

ISE supports multiple portals, so it uses the Portal ID to identity which portal to use for a particular flow (Sponsor Portal, Guest Portal, BYOD Portal, etc). When you specify a "Friendly" FQDN for the direct access portals (Sponsor, My Devices, etc) ISE essentially maps that internally to the particular Portal ID.

This FQDN is meant to make it easier for users to browse to the Sponsor Portal by using the "Friendly" FQDN (e.g. http://sponsor.site.local). When ISE receives the HTTP request with this URL, it automatically does an internal redirect to the full FQDN that includes the Portal ID.

I'm not aware of a way to hide the resulting real FQDN after the automatic redirect as this is how HTTP redirects work. I don't believe I've had a customer for which this presented a problem.

What is the reason for wanting to hide the resulting real FQDN?

0 Helpful

Go to solution
kaushalparab
Level 1
Level 1
In response to Greg Gibbs

‎03-29-2020 06:09 PM

Hi Greg,

your reply exactly satisfied my queries already. initially my doubt was after giving friendly FQDN how come PSN will magically redirect the request to long protal ID. but as you mentioned and clarifies that - "automatically does an internal redirect to the full FQDN that includes the Portal ID" that's what i wanted. so that when sponspor admin type below:

https://iseporturl.com

then PSN will auto redirect to the below long url with portal ID.

https://iseportal.com:8445/sponsorportal/PortalSetup.action?portal=40963c00-2e02-11e8-ba71-005056872c7f&oneClickToken=QvE9rqxYVR8lL8XmcpdQtQ==&oneClickAction=Approve

so that as admin i dont need to worry about long portal ID part how to make it redirect but PSN itself will do that redirection.

i will test this out today evening and let you know the results.

Thanks a lot. Appreciate.
0 Helpful
Customers Also Viewed These Support Documents