Hi guys.

I´m implementing a Cisco ISE in customer now and I have the follow state:

AUTHENTICATION

mab > wired_mab OR wireless_mab > default network protocos > internal endpoints

employee > wired_802.1x OR wireless_802.1x > Radius Server Sequence

Guest > Default network protocols > internal users.

AUTHORIZATION

Guest IF ActivatedGuest Then PermitAccess (vlan L2)

employee_wired_wifi  IF Workstation AND (Wireless_802.1X  AND Wired_802.1X AND Session:PostureStatus EQUALS Compliant )

then PERMIT_ALL_TRAFFIC

employee_pre_compliant IF Workstation AND (Wireless_802.1X  AND Wired_802.1X AND Session:PostureStatus NOT_EQUALS Compliant )

And others configurations to Smartphones (android and apple) for example.

I configured the CLIENT PROVISIONING like this:

employee_win IF any AND windows all AND conditions any Then WebAgent 4.9.0.24

SO, this configuration permit the scenario bellow:

IF employee have NacAgent software installed - the communication happens and posture initiate.

IF employee don´t have the NacAgent, Open Internet Browser and redirect page start to WebAgent provisioning.

This work.  BUT to redirect the user to provisioning URL, I have to disable de proxy configurations in (Settings>Internet Options>Connections>Lan Settings).

There are some kind of configuration that permit the Redirec Provisioning URL with internet proxy configured???

PS: Also, do not work with I configured the ISE Ip adress in "proxy exceptions".

Best Regards