This document describes the configuration required on the ISE application to send SMS messages over HTTP and HTTPS through Clickatell SMS gateways.
It is only possible to send SMS messages to ISE guest users using email or the HTTP GET method. The HTTP GET method introduces a security concern: the SMS text message is included as part of the HTTP request URL and can easily be intercepted by a man-in-the-middle.
The more secure mechanisms for transmitting SMS messages via HTTP and HTTPS using ISE configuration, as compared to the HTTP GET option above, are not functional.
The Clickatell gateway does not support the HTTP / HTTPS POST method for including the SMS message as part of the message body. As a solution, the Clickatell REST API has now been employed to send SMS messages as the body of the HTTP POST request.
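The difference between the two methods described above, as an added example (not ISE or Clickatell code): it builds the same SMS as a GET and as a POST request without sending anything, then shows what ends up in the request line. The endpoint, parameter names, token and message text are constructed placeholders, not the real Clickatell or ISE values.

```python
import json
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

# Assumed placeholders: endpoint, parameter names and token are illustrative only,
# not the actual Clickatell or ISE values.
GATEWAY = "https://sms-gateway.example/messages"
API_TOKEN = "PLACEHOLDER-TOKEN"
# Constructed sample SMS carrying a guest credential.
SMS_TEXT = "Guest login: jdoe / pw: S3cr3t-Pa55"


def build_get(to: str, text: str) -> Request:
    """GET style: recipient and message text travel in the URL query string."""
    query = urlencode({"token": API_TOKEN, "to": to, "text": text})
    return Request(f"{GATEWAY}?{query}", method="GET")


def build_post(to: str, text: str) -> Request:
    """POST style: message text travels in the request body."""
    body = json.dumps({"to": [to], "text": text}).encode("utf-8")
    headers = {"Authorization": f"Bearer {API_TOKEN}",
               "Content-Type": "application/json"}
    return Request(GATEWAY, data=body, headers=headers, method="POST")


def request_line(req: Request) -> str:
    """The request line, which proxies and web servers commonly write to access logs."""
    parts = urlsplit(req.full_url)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    return f"{req.get_method()} {target} HTTP/1.1"


def url_exposes(req: Request, secret: str) -> bool:
    """True if the secret is recoverable from the URL alone (after percent-decoding)."""
    params = parse_qs(urlsplit(req.full_url).query)
    return any(secret in value for values in params.values() for value in values)


if __name__ == "__main__":
    for req in (build_get("15556661212", SMS_TEXT), build_post("15556661212", SMS_TEXT)):
        print(request_line(req), "| text in URL:", url_exposes(req, SMS_TEXT))
```

Even when the transport is HTTPS, the request line is still visible to, and often logged by, the systems that terminate TLS, which is why keeping the message in the body matters.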
The implementation within ISE for transmitting SMS messages using HTTPS has now been fixed.
These fixes are available as part of these ISE releases and patches:
The ISE admin has to log in to the Clickatell SMS portal and set up a REST API; the ID of that API has to be used when sending SMS messages over HTTP/S requests.
The values of mo=1 and x-version=1
The “From” phone number is provided by the Clickatell SMS two-way account (this type of account, and having a From number, is mandatory in the US region by law). Even in regions such as India, with one-way SMS, a From number must be used (it can be obtained from the Clickatell SMS portal or by working with the Clickatell helpdesk). Using a “From” number incurs additional cost compared to sending a one-way SMS, but it is the recommended approach from a security and message credibility standpoint.
The “From” phone number can be entered on an ISE portal page either in the format (country-code) (phone number), e.g. 15556661212, or in the E.164 format, +15556661212.
Send SMS Using HTTPS GET Method
The ISE application already supports sending SMS messages to the Clickatell SMS gateway using the HTTP GET method. The configuration below is for the HTTPS GET method, where everything else remains the same as for HTTP GET except:
the Clickatell certificate has to be imported into the ISE certificate trust-store
the URL starts with HTTPS
While importing the certificates, we need to ensure that the serial number of the Thawte Primary Root CA that is present by default in the trusted store matches the serial number of the Thawte Primary Root CA in the api.clickatell.com chain.
Thawte Primary Root CA issued certificates to Thawte SSL CA – G2 and also to Thawte SSL CA – G3 (G2 to api.clickatell.com and G3 to Clickatell.com). If we import G3, things fail because trust in the certificate chain breaks. It is mandatory to import the G2 certificate.
Finally, a wildcard certificate is issued to Clickatell (for all its services) rather than a regular certificate. The *.clickatell.com certificate was also imported into the trusted chain of certificates.