Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
792
Views
0
Helpful
1
Replies

ise portal redirect workaround

Spyros Kasapis
Level 1
Level 1

‎02-16-2022 10:17 AM

Hello ,

 

according to this link

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/117278-troubleshoot-ise-00.html#anc11

Scenario 3 - Destination Host is in Different VLAN, Exists, and is SVI 10 UP

 

 

We have the same implementation and the checkpoint firewall drops the request as spoofed or out of state . (The guest vlan and management are in different subnets). If we create an SVI of guest vlan everything works fine but we cannot create it in all the enterprise switches . Do you know any other workaround (we can disable inpection in firewall but not antispoofing) .

 

Thank you .

Labels:
0 Helpful
1 Reply 1

Aref Alsouqi
VIP
VIP

‎02-16-2022 12:42 PM

I think you should enable the TCP state bypass on the Checkpoint firewall to resolve this issue.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents