
ISE 3.0 Bypass Proxy Wildcard support does not work

Arne Bier
VIP Advisor

Hello,

I recently enabled web proxy on my ISE 3.0 patch 5 deployment to allow ISE to access the internet Profiler Feed.

I already had configured ISE to download the CRL from my Issuing CAs - and I noticed that the CRL downloads (which use http) started failing after I enabled the proxy feature. I thought that by putting a *.company.com in the Bypass List, ISE would not attempt to use the Proxy for the internal http stuff. But I was wrong. Wildcards are apparently supported, but they don't work as advertised. I had to fix the CRL download issue by adding the FQDN of the CA web server (e.g. myca.company.com) - voilà! Fixed.

Anyone know how to make wildcard support work as documented?

 

2 Replies

hslai
Cisco Employee

This is a known limitation -- CSCuu66261: Proxy-bypass for CRL Retrieval Not Working with Wildcard domain list

Thanks @hslai - it seems it's been a "known limitation" forever. Why doesn't Cisco just fix it? These kinds of bugs are almost inexcusable in my opinion. Such basic stuff. Proxy is not a new feature, and it's not exactly rocket science either. The impact of enabling Proxy in ISE breaks things that used to work - causes issues in customer networks. I get the feeling not many customers use proxy (probably because it's always been buggy). So excuse me if I am venting instead of turning a blind eye and looking for my own workarounds.
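Following the workaround reported in this thread (wildcard bypass entries are not honoured for CRL retrieval, so the CA web server's FQDN has to be listed explicitly), here is an added example that is not part of any post and not Cisco code. It lists the HTTP CRL hosts that are covered only by a wildcard entry and therefore need their own FQDN in the Bypass List. The CRL URLs and bypass entries are constructed sample values, the function names are hypothetical, and reading `*.company.com` as a suffix match is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample input: CRL distribution point URLs configured on the
# trusted certificates, and the current proxy Bypass List entries.
CRL_URLS = [
    "http://myca.company.com/crl/issuing.crl",
    "http://pki2.company.com/crl/issuing2.crl",
    "ldap://dc1.company.com/CN=IssuingCA",   # not fetched over the web proxy
    "http://crl.example.net/root.crl",       # external, expected to use the proxy
]
BYPASS_LIST = ["*.company.com", "pki2.company.com"]


def classify_crl_hosts(crl_urls, bypass_list):
    """Map each HTTP(S) CRL host to 'exact', 'wildcard-only' or 'not-listed'."""
    entries = [e.strip().lower().rstrip(".") for e in bypass_list if e.strip()]
    exact = {e for e in entries if "*" not in e}
    # Assumption: "*.company.com" is intended to cover hosts ending in ".company.com".
    suffixes = [e[1:] for e in entries if e.startswith("*.")]
    result = {}
    for url in crl_urls:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # only HTTP(S) downloads are affected by the web proxy setting
        host = parts.hostname.lower().rstrip(".")
        if host in exact:
            result[host] = "exact"
        elif any(host.endswith(s) for s in suffixes):
            result[host] = "wildcard-only"
        else:
            result[host] = "not-listed"
    return result


def fqdns_to_add(crl_urls, bypass_list):
    """CRL hosts that rely on a wildcard entry and need an explicit FQDN entry."""
    status = classify_crl_hosts(crl_urls, bypass_list)
    return sorted(h for h, s in status.items() if s == "wildcard-only")


if __name__ == "__main__":
    for host, state in classify_crl_hosts(CRL_URLS, BYPASS_LIST).items():
        print(f"{host:25} {state}")
    print("Add explicitly:", ", ".join(fqdns_to_add(CRL_URLS, BYPASS_LIST)))
```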
