12-19-2019 06:22 AM
Hi Team,
I'm observing in two separate deployments that when I visit the guest portal through the Work Centers -> Guest -> Portals and Components page and click the "Portal Test URL", the test portal always opens the second PSN and not the closest to the PAN on which I'm clicking the portal on. This means that the test URL goes to the UK as opposed to the US where the PAN resides.
What is the logic that is used for the portal test URL and which PSN it chooses so I can better articulate this?
Solved! Go to Solution.
12-20-2019 11:52 AM
@Patrick Lloyd wrote:
Hi Team,
I'm observing in two separate deployments that when I visit the guest portal through the Work Centers -> Guest -> Portals and Components page and click the "Portal Test URL", the test portal always opens the second PSN and not the closest to the PAN on which I'm clicking the portal on. This means that the test URL goes to the UK as opposed to the US where the PAN resides.
What is the logic that is used for the portal test URL and which PSN it chooses so I can better articulate this?
I see you went internal, please keep in mind all communication from employees should go to the TMEs first and not to the developers. Please use http://cs.co/cs-ise for internal communication.
In case of Portal Test URL, this is expected behaviour. The first active node will be picked up from the PSN node list while generating the Portal Test URL.
In case of endpoint redirection, there is possibility to configure required Static IP address/Hostname/FQDN in the Authorization Profile to redirect to specific PSN during policy evaluation.
This can’t be used in case of Portal Test Url.
For general guidance in the future please so we are using our time efficiently
All technical questions from customers/partners should be directed to our public http://cs.co/ise-community for widest coverage and experience of SMEs. As many partners customers have done stuff that we haven’t.
Before asking any question please search our public forum.
This also allows for archival for the next person that has the same ask. Employees are welcome to add documents contribute to conversations only. Not post questions externally.
If there is a critical reason they can't ask there then Cisco employees are welcome to ask internally at http://cs.co/cs-ise
The internal forum has limited visibility into solutions out there that partners customers are more aware of and shared.
Of course for break fix, etc you should have customer reach out to TAC
12-19-2019 07:30 AM
Hi Patrick,
The test URL IP address will be from the first active node with policy services enabled.
From the behavior that I have seen, if you have 2 node deployment:
ISE1 as Primary Admin, Secondary MNT, PSN
ISE2 as Secondary Admin, Primary MNT, PSN
Here, ISE1 is PAN and first node with policy services enabled would be ISE2.
So, PAN will use first node with policy services enabled for Portal Test URL i.e. ISE2
Regards,
Dinesh Moudgil
12-20-2019 11:52 AM
@Patrick Lloyd wrote:
Hi Team,
I'm observing in two separate deployments that when I visit the guest portal through the Work Centers -> Guest -> Portals and Components page and click the "Portal Test URL", the test portal always opens the second PSN and not the closest to the PAN on which I'm clicking the portal on. This means that the test URL goes to the UK as opposed to the US where the PAN resides.
What is the logic that is used for the portal test URL and which PSN it chooses so I can better articulate this?
I see you went internal, please keep in mind all communication from employees should go to the TMEs first and not to the developers. Please use http://cs.co/cs-ise for internal communication.
In case of Portal Test URL, this is expected behaviour. The first active node will be picked up from the PSN node list while generating the Portal Test URL.
In case of endpoint redirection, there is possibility to configure required Static IP address/Hostname/FQDN in the Authorization Profile to redirect to specific PSN during policy evaluation.
This can’t be used in case of Portal Test Url.
For general guidance in the future please so we are using our time efficiently
All technical questions from customers/partners should be directed to our public http://cs.co/ise-community for widest coverage and experience of SMEs. As many partners customers have done stuff that we haven’t.
Before asking any question please search our public forum.
This also allows for archival for the next person that has the same ask. Employees are welcome to add documents contribute to conversations only. Not post questions externally.
If there is a critical reason they can't ask there then Cisco employees are welcome to ask internally at http://cs.co/cs-ise
The internal forum has limited visibility into solutions out there that partners customers are more aware of and shared.
Of course for break fix, etc you should have customer reach out to TAC
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide