cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1722
Views
0
Helpful
3
Replies

Cisco ISE or NAC Guest with web security (IronPort) integration

pzpgd1mlf
Level 1
Level 1

All,

We have a scenario where guests will be authenticated against the ISE or NAC Guest server, and customer will place an IronPort to provide web security, however, we can not find referentes whether IronPort can or cannot integrate with Guest Server, so that guests are not requested to be authenticated twice, one by the Guest Server, a one by the proxy. The idea is to keep it transparent for the guests with a single authentication.

Has anyone there implemented such scenario?

Thank you!

3 Replies 3

Jennifer Halim
Cisco Employee
Cisco Employee

Unfortunately that is not a supported configuration scenario. SSO with IronPort  is not supported.

I see. So, lets say we disable proxy authentication for the guest segment, can I still provide content filter for the segment, even though there is no proxy authentication? I assume customer will lose the reportinga and tracking granularity, but the scenario will work withou proxy authentication. This may be some sort of "man in the middle" only, but with content filter. Does it make sense?

Thank you!

Yes you can. Just configure the Ironport appliance in transparent mode with WCCP, but as you have said, you will loose user granularity.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: