05-14-2019 08:26 AM
If I need to get a third-party cert for my posture portal, how can I change the URL of the portal? Currently it redirects to the servername followed by my internal domain name. Is it possible to tie this to an external domain name?
05-17-2019 05:11 AM
Just a point of clarification here because this is one of the frequently misunderstood parts of posturing. You need the client provisioning portal to control settings on the posture module, but if you aren't using the client provisioning portal to install AnyConnect or the posture module (and you shouldn't in my opinion) there is no reason your client should EVER see the client provisioning portal. If they are seeing the client provisioning portal it means your redirect ACL is wrong. The only traffic you need to redirect is the discovery traffic which is port 80 to the default gateway IP and port 80 to enroll.cisco.com (72.163.1.80).
05-14-2019 09:29 AM
Assuming you meant ISE client provisioning portals, recent ISE releases (e.g. ISE 2.2) allow us to set an FQDN at the Portals Settings and Customization > Portal Behavior and Flow Settings > Portal Settings > Fully qualified domain name (FQDN).
Another way is to enable and set a value for "Static IP/Host name/FQDN" in the authorization profile.
05-14-2019 09:33 AM
05-14-2019 09:44 AM
You got it right!
05-14-2019 12:24 PM
05-16-2019 09:06 PM
The ISE Posture service needs such a portal. For instance, it uses the ISE server certificate defined in this portal during posture assessment if the Call Home list is defined with either {FQDN|IP}:{CP-Portal-Portal-Number}. It is also used if using NAD URL redirects.
05-17-2019 07:33 AM
05-17-2019 08:37 AM