Showing results for 
Search instead for 
Did you mean: 

Smart Licensing on ISE: What is the exact URL ISE is talking to when using smart licensing?
Cisco Employee
Cisco Employee


my customer would like to migrate from traditional licensing towards smart licensing. They want to use a proxy to have the ISE talking to the smart portal and want to configure this very resrective.

So the question here is: What exactly is the specific URL the ISE is talking to when using smart licensing?

Thanks in advance.


1 Accepted Solution
6 Replies 6

thanks for the link to the document.  I had some issues getting ISE 2.3 patch 1 talking to Smart Licensing because my customer forces all internet traffic to go through an authenticated proxy.  The tcpdump revealed that it was trying to talk to - but it doesn't handle the proxy part at all (doesn't present the credentials).  We are able to use the same proxy for the SMS gateway.  I have a TAC case open for this.

Roland, I would be interested to know if you get it working through a proxy.

I found your TAC case. TAC is associating it with CSCvd93008 and checking with our engineering team.

Cisco Employee
Cisco Employee

Hi, just wondering if you finally got the proxy working for smart licensing?  If so did it required a patch or did you have a workaround for it?  Thank you.


We have it working now using the https proxy transport mode, but we had to make an exception on the proxy to not request authentication (because that's the issue with ISE - it will gladly use a proxy, but it doesn't remember to send the authentication credentials )

SO either you go https direct, or go https proxy, but with proxy whitelisting (just the IP's of the PAN nodes will do - we told them to whitelist those PAN IP's to go to

There is a third option for Smart Licensing - use a Satellite Server on premise.  We have that working in some cases too and it works.  It means the ISE PANs talk to Satellite on prem and not to the internet.  The Satellite server talks to internet.

But there is an issue with ISE 2.4 and those new VM licenses.  If you happen to have purchased the more expensive license (like Medium_VM) but a node needs the Small_VM, then the Satellite server will tell you that your VM license is out of compliance.  This is a bug because Cisco allows for License Substitution - and that DOES work if you go direct to

Go figure.

Thank you very much for your reply. I see most people just go back to traditional licensing until the proxy issue has been fixed so really appreciate your perseverance with this.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers