I have the following problem. I use Cisco ISE to assign group-policy to clients based on the authorization result. I can see successfully applied policy in the Client page via 802.1x. The thing is that the configured filtering (content or URL) doesn't work when the group-policy is applied via dot1x. L3 firewall works, there is no issue. When I apply group-policy manually to the client, everything works as expected. The support told me that it is expected behaviour: the policy does apply to layer 3 for the MX and the MR but not per SSID.
Suggestion is to apply policy manually or via AD.
But I would like to have it applied via dot1x. Does anybody have experience with this?
the client I test from is connected to the wifi, so dot1x should be applied as per the documentation. This works, group-policy is applied. The second table says that content filtering is not supported on the MR - correct. I expect that the content filtering in my situation is done on the MX. And if the content filtering is done on the MR then my question is why the content filtering works when I assign the group-policy manually to the client.