Does anyone implements Cisco ISE with the proxy like Bluecoat ?
After the users authentication and authorization are accepted, mean that they are ready to WWW. but they still need to authenticate with Bluecoat again to access the internet.
It is going to depend on the supplicant you use and the device type. What kind of device are you trying to use and what is the supplicant? There are some issues with mobile devices and proxies specifically with bypass lists.
Does the blue coat support anything such as transparent proxy? Ironport does this in a way that when it is integrated with Active Directory it can find the user to ip mapping and set the condition on the fly without redirecting users for authentication.
You mean that if the bluecoat supports the transparent proxy and it able to integrate with LDAP or Active Directory. It will work for this scenario, right ?
Does Bluecoat and Cisco ISE need to join on the same Active Directory to perform this scenario ?
PAC file is needed for iOS devices as there isn't an option for a bypass list. But on the Android devices you can't point to the PAC file but you can put in a bypass list.
We use BC in tranparent mode, so all AD traffic will authenticate no problem. We are looking to authetnciate users created by ISE guest, I nkow can be done with Ironport, just wondered if you got round this?
i wonder how you control the users thru BC who authenticated by ISE, in our scenario the wireless users authenticated against ISE and we set "do not authenticate option" in BC for the same users but in this case we unable to apply BC policies/Rules, if we enable authentication in BC then users need to provide credential two times, isn't it?
regards,
- Moin -
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
