I recently enabled web proxy on my ISE 3.0 patch 5 deployment to allow ISE to access the internet Profiler Feed.
I already had configured ISE to download the CRL from my Issuing CAs - and I noticed that the CRL downloads (which use http) started failing after I enabled the proxy feature. I thought that by putting a *.company.com in the Bypass List, ISE would not attempt to use the Proxy for the internal http stuff. But I was wrong. Wildcards are apparently supported, but they don't work as advertised. I had to fix the CRL download issue by adding the FQDN of the CA web server (e.g. myca.company.com) - viola! Fixed.
Anyone know how to make wildcard support work as documented?
thanks @hslai - it seems it's been a "known limitation" forever. Why doesn't Cisco just fix it? These kind of bugs are almost inexcusable in my opinion. Such basic stuff. Proxy is not a new feature, and it's not exactly rocket science either. The impact of enabling Proxy in ISE breaks things that used to work - causes issues in customer networks. I get the feeling not many customers use proxy (probably because it's always been buggy). So excuse me if I am venting instead of turning a blind eye and looking for my own workarounds.