04-28-2016 05:51 AM
Hello, is anyone using OpenDNS for their DNS as Guest content filtering with ISE?
The only problem I envisage is that we want to use a wildcard certificate to prevent certificate warnings in browsers.
So this means users need to resolve the DNS name of ISE guest portal to the internal IP as part of the re-direct process.
04-28-2016 08:48 AM
Is there a reason you don't want to publish the ISE guest portal A record to external DNS?
04-28-2016 08:59 AM
Hi George, I have had a look at OpenDNS free package and there does not appear to be a way to add an A record.
Have you any information on this?
I want the benefits of content filtering the guest using OpenDNS but for the ability to resolve the ISE Guest Portal IP.
04-28-2016 09:48 AM
You still have to publish DNS records using whatever method your organization or your customer's organization does for other records. For example, if my domain is bekmezian.com I go to my DNS configuration (for me it's WebKor) and I add a record for guest.bekmezian.com. Nothing to do in OpenDNS except to ensure you don't Block internal IP addresses (screenshot attached):
04-28-2016 12:10 PM
Hi George, Are you suggesting you add an 'A record' that maps to a private IP on a public DNS?
So, let's say for example I own the domain isecold.com and I have a wildcard certificate that allows for *.isecold.com
I would then add a public DNS entry, for example guest.isecold.com, pointing to my private IP address (ISE Guest Portal IP).
That way my guests can still use OpenDNS and resolve guest.isecold.com, and the SSL certificate would work.
The only thing that may prevent this is if my Domain/DNS provider would not allow a private IP.
I've read a few different forums with many suggesting this is bad practice even if your provider does allow it.
Thanks
04-28-2016 12:36 PM
That's exactly what I am suggesting Josh. If you know what you are doing and why you are doing it, then you are free to bend rules. If the requirement is "point my guests to opendns" then that is your only option. The other option you could consider is having your guests point to a DNS forwarder in your own network. Then your DNS server could resolve your own domain locally while forwarding all other requests to opendns' name servers.
George
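As an added example, not from this thread or from Cisco, here is one way to build the DNS forwarder George describes using Unbound: the guest VLAN's resolver answers guest.isecold.com from local data and forwards every other query to OpenDNS. The domain isecold.com is taken from Josh's example; the guest portal IP 10.20.30.40 and the guest subnet 10.20.30.0/24 are assumed placeholders, and 208.67.222.222 / 208.67.220.220 are OpenDNS's public resolvers.

```conf
# unbound.conf for a guest-network DNS forwarder (added example)
server:
    interface: 0.0.0.0
    # Only the guest VLAN (assumed 10.20.30.0/24) may query this forwarder
    access-control: 10.20.30.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Rebinding protection, the forwarder's equivalent of OpenDNS's
    # "Block internal IP addresses": strip RFC 1918 answers that
    # arrive from upstream so a public name cannot point guests at
    # an internal host.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16

    # Our own domain is the one place a private answer is legitimate.
    # Needed if guest.isecold.com is also published in public DNS
    # (Josh's route) so the filter above does not drop that record.
    private-domain: "isecold.com"

    # Serve the guest portal name locally; "transparent" means other
    # isecold.com names not listed here still resolve via upstream.
    local-zone: "isecold.com." transparent
    local-data: "guest.isecold.com. IN A 10.20.30.40"

# Everything else goes to OpenDNS so content filtering still applies
forward-zone:
    name: "."
    forward-addr: 208.67.222.222
    forward-addr: 208.67.220.220
```

The guest DHCP scope then hands out this forwarder as the only DNS server; if guests can reach OpenDNS directly, the local override is bypassed and the portal name will not resolve.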
04-28-2016 12:41 PM
Or possibly the Internet Firewall can inspect client DNS requests and intercept.
Thanks George.
05-03-2016 04:15 PM
Worked perfectly George as you suggested.
Thanks