Wednesday, September 25, 2019

Sane way to report guest wireless traffic? Cisco shop with ISE, Firepower, etc

Right now we have a report that details IP addresses on a guest subnet navigating to certain websites. Basically source IP is the guest device IP, then dest are the external IPs they touch. The report is pretty much completely useless because 1) the source IP gives us no indication of who did what, and 2) the destination isn't looked up in any meaningful way.

We use Cisco ISE for guest portal authentication, FirePower/ASA for FWing, Cisco WSA for web filtering, Cisco AireOS for wireless, Windows Server DHCP, the works.

What is the best product/way to use these products to get my upper mgmt a report that basically has the Source as the guest username from ISE, and then the destination as the resolved DNS IP or some sort of AVC to categorize what traffic they're using?

I imagine Cisco has a product that costs a fortune to do this for me, but I'm wondering what it is :)


