cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1337
Views
0
Helpful
3
Replies
Highlighted
Beginner

Cisco ISE or NAC Guest with web security (IronPort) integration

All,

We have a scenario where guests will be authenticated against the ISE or NAC Guest server, and customer will place an IronPort to provide web security, however, we can not find referentes whether IronPort can or cannot integrate with Guest Server, so that guests are not requested to be authenticated twice, one by the Guest Server, a one by the proxy. The idea is to keep it transparent for the guests with a single authentication.

Has anyone there implemented such scenario?

Thank you!

3 REPLIES 3
Cisco Employee

Cisco ISE or NAC Guest with web security (IronPort) integration

Unfortunately that is not a supported configuration scenario. SSO with IronPort  is not supported.

Beginner

Cisco ISE or NAC Guest with web security (IronPort) integration

I see. So, lets say we disable proxy authentication for the guest segment, can I still provide content filter for the segment, even though there is no proxy authentication? I assume customer will lose the reportinga and tracking granularity, but the scenario will work withou proxy authentication. This may be some sort of "man in the middle" only, but with content filter. Does it make sense?

Thank you!

Cisco Employee

Cisco ISE or NAC Guest with web security (IronPort) integration

Yes you can. Just configure the Ironport appliance in transparent mode with WCCP, but as you have said, you will loose user granularity.