ISE 1.3 Patch 7 - Profiler Feed service through proxy

smp
Level 4

I just discovered our Profiler Feed service has not been updating. ISE must go through an authenticated proxy to access the feed URL, and the proxy settings have been configured correctly. I know this because I took a packet capture on the admin node and I see a successful call to our external MDM. But for the feed service, I see ISE (successfully) resolving the DNS name ise.cisco.com, but then it attempts to make a direct TCP connection to ise.cisco.com:8443, which is obviously bypassing our proxy and fails.

It appears the MDM service is using the proxy settings, but the Profiler Feed service is ignoring them. But I found this document which appears to state that the Profiler Feed service should be using the proxy settings. Is this a known bug in 1.3?

Cisco Identity Services Engine Administrator Guide, Release 1.3  - Administer Cisco ISE [Cisco Identity Services Engine]…

Specify Proxy Settings in Cisco ISE

If your existing network topology requires you to use a proxy for Cisco ISE, to access external resources (such as the remote download site where you can find client provisioning and posture-related resources), you can use the Admin portal to specify proxy properties.

The proxy settings impact the following Cisco ISE functions:

  • Partner Mobile Management
  • Endpoint Profiler Feed Service Update
  • Endpoint Posture Update
  • Endpoint Posture Agent Resources Download
  • CRL (Certificate Revocation List) Download

The Cisco ISE proxy configuration supports basic authentication for proxy servers. NT LAN Manager (NTLM) authentication is not supported.

1 Accepted Solution

I just confirmed myself that I am affected by CSCuv08236 - wildcard proxy exception not working for ISE profiler feed service. I removed the wildcard domain I had referenced in Administration [System] > Settings > Proxy > Bypass proxy for these hosts and domains, and the update was successful.
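The packet-capture check described in the question can be repeated after changing the bypass list. The script below is an added example, not part of the original thread or any Cisco tooling: it reads `tcpdump -nn` text output and reports TCP connections the ISE node opened to anything other than the proxy. All addresses and the proxy port 3128 are constructed; 203.0.113.25 stands in for whatever ise.cisco.com resolved to.

```python
import re

# One IPv4 TCP packet as printed by `tcpdump -nn` (text output).
PKT = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def direct_attempts(lines, ise_ip, proxy, allowed_direct=()):
    """List (dst_ip, dst_port, attempts, answered) for TCP connections that
    ise_ip opened to anything other than the proxy or an allowed host."""
    flows = {}  # (src_port, dst_ip, dst_port) -> True once a SYN-ACK is seen
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if flags == "S" and src == ise_ip:
            if (dst, dport) != proxy and dst not in allowed_direct:
                # setdefault: SYN retransmissions reuse the same source port
                flows.setdefault((sport, dst, dport), False)
        elif flags == "S." and dst == ise_ip and (dport, src, sport) in flows:
            flows[(dport, src, sport)] = True
    summary = {}
    for (_, dst, dport), answered in flows.items():
        total, ok = summary.get((dst, dport), (0, 0))
        summary[(dst, dport)] = (total + 1, ok + answered)
    return sorted((d, p, t, a) for (d, p), (t, a) in summary.items())

# Constructed capture: one call through the proxy (answered), then the feed
# update going direct to port 8443 with two SYN retransmissions and no reply.
SAMPLE = """\
10:15:01.000101 IP 10.1.1.10.40112 > 10.1.1.50.3128: Flags [S], seq 100, win 29200, length 0
10:15:01.000350 IP 10.1.1.50.3128 > 10.1.1.10.40112: Flags [S.], seq 500, ack 101, win 28960, length 0
10:15:07.200000 IP 10.1.1.10.53188 > 203.0.113.25.8443: Flags [S], seq 900, win 29200, length 0
10:15:08.200000 IP 10.1.1.10.53188 > 203.0.113.25.8443: Flags [S], seq 900, win 29200, length 0
10:15:10.200000 IP 10.1.1.10.53188 > 203.0.113.25.8443: Flags [S], seq 900, win 29200, length 0
""".splitlines()

if __name__ == "__main__":
    hits = direct_attempts(SAMPLE, "10.1.1.10", ("10.1.1.50", 3128))
    for dst, port, total, ok in hits:
        print(f"direct to {dst}:{port}: {total} attempt(s), {ok} answered")
```

An empty result for a capture taken during a feed update means every outbound connection went to the proxy; internal hosts ISE reaches directly by design can be passed in `allowed_direct`.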


2 Replies

Timothy Abbott
Cisco Employee

There are a couple known issues around this. To determine which, if any, you may be hitting, please reach out to the TAC to troubleshoot.

Regards,

-Tim