This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Currently running ISE 1.4 is there a way to define the guest portal url the guests users are redirected to the IP addresses rather than the URL which is giving certificate errors, I'm not seeing any option to set the URL/FQDN within the guest portal
I can only get the portal working when using the ip address which gives a certificate warning when I enter the FQDN the client is not able to resolve the name, the client DNS setting is pointing to 22.214.171.124 to reslove public dns google etc.. how do i get the client to resolve to the guest portal name ?
I struggled with the same issue and the only answer I can think of is to have a DNS server in your DMZ with specific entries that the guest network has access to, or use the Static IP/Host name/FQDN. The irritating thing is that it is no longer possible to add an internal IP range to an external certificate, so a private IP address will always show a cert warning for externally cert authorities.
If using MAB and you use the static ISE IP entry and your guest network doesnt have access to the Network that ISE sits on, then (as far as I understand it) the portal will never load as ISE drops you on the guest network and then redirects to the portal.
If you use dot1x then you can use COA to move from a network that has access to ISE for the portal, to the guest network on authentication.
Have you tried to set "ip host" at PSN CLI?
You must use an alias to a local address
ip host <local addr><local FQDN> <Public FQDN>
ise-psn1/admin(config)# ip host 10.1.91.5 ise-psn1-guest ise-psn1-guest.company.com