Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3809
Views
0
Helpful
4
Replies

ISE Guest Portal Settings - HTTPS Port Range

Go to solution
rdediana
Cisco Employee
Cisco Employee

‎07-10-2018 02:44 PM

Hello team.

Looking for some insight regarding the port range available for the ISE Guest portal.

Today, using the portal setting UI in ISE the available port domain is 8000-8999.

  • What is the reasoning behind this limitation?

Or, asked a differently.

  • Why are we not able to uniquely bind the Guest portal to port 443; on a unique interface, or any interface?

Considering that for portal configuration illustrated below, the interface (Gigabit Ethernet 2) is exclusively reserved for Guest Portal / CWA workflow. Nothing else would be expected on that socket (IP:PORT combination).

I have a situation where a client-side policy is configured on end-user devices which prevents access to port 8443.

ise_8443.png

Any guidance or insight that could be shared with the customer would be greatly appreciated.

Regan

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
kvenkata1
Cisco Employee
Cisco Employee

‎07-11-2018 07:52 AM

Specific implementation logic/decisions can't be discussed in a public community thread. Please contact your Cisco support team to get the specifics. Those can only be shared on an NDA with the customer.

- Krish

View solution in original post

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to EvaldasOu

‎11-05-2019 08:04 AM - edited ‎11-05-2019 08:20 AM

I recommend providing http://cs.co/ise-feedback if there is a way we can do something better in the future. This goes directly to our Product managers.

 

You can change the portal you're using under portal settings

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011100.html#reference_1F6EF09DE16E480096C2619625C256C5

View solution in original post

0 Helpful
4 Replies 4

Go to solution
kvenkata1
Cisco Employee
Cisco Employee

‎07-11-2018 07:52 AM

Specific implementation logic/decisions can't be discussed in a public community thread. Please contact your Cisco support team to get the specifics. Those can only be shared on an NDA with the customer.

- Krish

0 Helpful

Go to solution
EvaldasOu
Level 4
Level 4
In response to kvenkata1

‎11-05-2019 07:41 AM

This is funny actually... To discuss why ISE Guest portal runs on port 8443 instead 443 we need to sign NDA :)  ... 

 

Guess I will do reverse proxy here... we need to use "duck tape" workarounds for "duck tape" designs.

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to EvaldasOu

‎11-05-2019 08:04 AM - edited ‎11-05-2019 08:20 AM

I recommend providing http://cs.co/ise-feedback if there is a way we can do something better in the future. This goes directly to our Product managers.

 

You can change the portal you're using under portal settings

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011100.html#reference_1F6EF09DE16E480096C2619625C256C5

0 Helpful

Go to solution
EvaldasOu
Level 4
Level 4
In response to Jason Kunst

‎11-05-2019 08:20 AM

Thanks @Jason Kunst , will do!

 

@rdediana I have configured nginx proxy and I do redirect from here to custom ise port (8443):

server {
server_name ise-reverse-proxy-on-nginx.company-name.com;
return 308 https://ise.company-name.com:8443/portal/g?p=abcdefgh;
}

0 Helpful
Customers Also Viewed These Support Documents