Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3773
Views
15
Helpful
2
Replies

ISE Guest Portal Test URL Always Going to Secondary PSN

Go to solution
Patrick Lloyd
Cisco Employee
Cisco Employee

‎12-19-2019 06:22 AM

Hi Team,

I'm observing in two separate deployments that when I visit the guest portal through the Work Centers -> Guest -> Portals and Components page and click the "Portal Test URL", the test portal always opens the second PSN and not the closest to the PAN on which I'm clicking the portal on.  This means that the test URL goes to the UK as opposed to the US where the PAN resides.

 

What is the logic that is used for the portal test URL and which PSN it chooses so I can better articulate this?

3 people had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎12-20-2019 11:52 AM

@Patrick Lloyd wrote:

Hi Team,

I'm observing in two separate deployments that when I visit the guest portal through the Work Centers -> Guest -> Portals and Components page and click the "Portal Test URL", the test portal always opens the second PSN and not the closest to the PAN on which I'm clicking the portal on.  This means that the test URL goes to the UK as opposed to the US where the PAN resides.

 

What is the logic that is used for the portal test URL and which PSN it chooses so I can better articulate this?

I see you went internal, please keep in mind all communication from employees should go to the TMEs first and not to the developers. Please use http://cs.co/cs-ise for internal communication. 

 

In case of Portal Test URL, this is expected behaviour. The first active node will be picked up from the PSN node list while generating the Portal Test URL.

In case of endpoint redirection, there is possibility to configure required Static IP address/Hostname/FQDN in the Authorization Profile to redirect to specific PSN during policy evaluation.

This can’t be used in case of Portal Test Url.

 

For general guidance in the future please so we are using our time efficiently

All technical questions from customers/partners should be directed to our public http://cs.co/ise-community for widest coverage and experience of SMEs. As many partners customers have done stuff that we haven’t.

Before asking any question please search our public forum.

This also allows for archival for the next person that has the same ask. Employees are welcome to add documents contribute to conversations only. Not post questions externally.

 

If there is a critical reason they can't ask there then Cisco employees are welcome to ask internally at http://cs.co/cs-ise

 

The internal forum has limited visibility into solutions out there that partners customers are more aware of and shared.

 

Of course for break fix, etc you should have customer reach out to TAC

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Dinesh Moudgil
Cisco Employee
Cisco Employee

‎12-19-2019 07:30 AM

Hi Patrick,

The test URL IP address will be from the first active node with policy services enabled.

From the behavior that I have seen, if you have 2 node deployment:

ISE1 as Primary Admin, Secondary MNT, PSN
ISE2 as Secondary Admin, Primary MNT, PSN

Here, ISE1 is PAN and first node with policy services enabled would be ISE2.
So, PAN will use first node with policy services enabled for Portal Test URL i.e. ISE2

Regards,
Dinesh Moudgil

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎12-20-2019 11:52 AM

@Patrick Lloyd wrote:

Hi Team,

I'm observing in two separate deployments that when I visit the guest portal through the Work Centers -> Guest -> Portals and Components page and click the "Portal Test URL", the test portal always opens the second PSN and not the closest to the PAN on which I'm clicking the portal on.  This means that the test URL goes to the UK as opposed to the US where the PAN resides.

 

What is the logic that is used for the portal test URL and which PSN it chooses so I can better articulate this?

I see you went internal, please keep in mind all communication from employees should go to the TMEs first and not to the developers. Please use http://cs.co/cs-ise for internal communication. 

 

In case of Portal Test URL, this is expected behaviour. The first active node will be picked up from the PSN node list while generating the Portal Test URL.

In case of endpoint redirection, there is possibility to configure required Static IP address/Hostname/FQDN in the Authorization Profile to redirect to specific PSN during policy evaluation.

This can’t be used in case of Portal Test Url.

 

For general guidance in the future please so we are using our time efficiently

All technical questions from customers/partners should be directed to our public http://cs.co/ise-community for widest coverage and experience of SMEs. As many partners customers have done stuff that we haven’t.

Before asking any question please search our public forum.

This also allows for archival for the next person that has the same ask. Employees are welcome to add documents contribute to conversations only. Not post questions externally.

 

If there is a critical reason they can't ask there then Cisco employees are welcome to ask internally at http://cs.co/cs-ise

 

The internal forum has limited visibility into solutions out there that partners customers are more aware of and shared.

 

Of course for break fix, etc you should have customer reach out to TAC

0 Helpful
Customers Also Viewed These Support Documents