Solved: Specify FQDN for guest portal

ryan14 · ‎07-22-2021

Not sure what I am missing here but I am looking for how to specify the guest portal FQDN in ISE. I do see FQDN in client provisioning portal settings, but not guest. When I click on 'portal test url' in guest portal settings, it opens a new tab but with the IP address of my PAN. Where do you specify the name for the guest portal? My A record is working correctly when I manually type it in my browser with the port specified.

Also, I am trying to integrate ISE guest portal for a third party software but the software will not allow me to specify a port number to redirect to (only https://companyserver.com. It is possible to tell ISE to use a non-standard port number such as 443 for guest portal?

ryan14 · ‎07-26-2021

The controller is UniFi. You cannot specify a port number for external portal server, after the FQDN. So if I have a C9800-CL pointing to ISE for guest portal (I know that will work) but the issue is I can't tie in my other controller to ISE for guest portal. I was able to on UniFi, specify radius for authentication, which points to ISE, but the initial portal page loads on UniFi, not ISE.

View solution in original post

Francesco Molino · ‎07-23-2021

Hi

The fqdn is dynamically return based on interface bind to the portal.

If you have Gig0 selected, it will return ISE fqdn you configured (same as the one to access the ISE. Record A based on Gig0 IP).

If you have selected another interface, then you will need to go into cli and add a fqdn using command ip host and also add the right record A on your DNS to resolve this fqdn (with ip host command) to GigX IP.

Which version of ISE are you using. Below a screenshot where I can specify a port for a website to be redirected to:

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

ryan14 · ‎07-23-2021

Thanks for the info. I am actually referring to the pre-authorization page. In my wireless controller (not Cisco) it allows me to specify an external URL for web authentication but I cannot specify any port. So if I did point to a FQDN that redirected to Gigabit Ethernet 1 of ISE, would that work, or does the initial guest page not load on 443? I ask because if you look at the Portal Settings, it says you have to specify a port in the range (8000 - 8999). Not sure if that can be changed in the CLI, otherwise this won't work with my other wireless controller.

If I configure Gig Eth 1 on my ISE for Guest Portal, does traffic destined to the IP of Eth 1 reply back from the same interface or go out the default Eth 0?

Thanks.

saxenanitesh8522 · ‎07-24-2021

Hi,

Have to tried to change in the authorization profile, where you can enter a static portal fqdn for the guest and have guest open pages depending on the which ise nodes the request hit.

saxenanitesh8522 · ‎07-24-2021

Sorry for the third party software? what is it? as if it is portal redirection or something else?

Do you want this software post authentication?

if you can help the use case and what is the expectation for the same.

ryan14 · ‎07-26-2021

The controller is UniFi. You cannot specify a port number for external portal server, after the FQDN. So if I have a C9800-CL pointing to ISE for guest portal (I know that will work) but the issue is I can't tie in my other controller to ISE for guest portal. I was able to on UniFi, specify radius for authentication, which points to ISE, but the initial portal page loads on UniFi, not ISE.