Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco ISE or NAC Guest with web security (IronPort) integration

All,

We have a scenario where guests will be authenticated against the ISE or NAC Guest server, and customer will place an IronPort to provide web security, however, we can not find referentes whether IronPort can or cannot integrate with Guest Server, so that guests are not requested to be authenticated twice, one by the Guest Server, a one by the proxy. The idea is to keep it transparent for the guests with a single authentication.

Has anyone there implemented such scenario?

Thank you!

3 REPLIES
Cisco Employee

Cisco ISE or NAC Guest with web security (IronPort) integration

Unfortunately that is not a supported configuration scenario. SSO with IronPort  is not supported.

New Member

Cisco ISE or NAC Guest with web security (IronPort) integration

I see. So, lets say we disable proxy authentication for the guest segment, can I still provide content filter for the segment, even though there is no proxy authentication? I assume customer will lose the reportinga and tracking granularity, but the scenario will work withou proxy authentication. This may be some sort of "man in the middle" only, but with content filter. Does it make sense?

Thank you!

Cisco Employee

Cisco ISE or NAC Guest with web security (IronPort) integration

Yes you can. Just configure the Ironport appliance in transparent mode with WCCP, but as you have said, you will loose user granularity.

1220
Views
0
Helpful
3
Replies
CreatePlease to create content