https://live.paloaltonetworks.com/t5/general-topics/authentication-of-users-through-captive-portal-query/m-p/442912#M100155 <P>Thank you for the post&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/165087">@tamilvanan</a></P><P>&nbsp;</P><P>I am running similar setup in multiple Firewalls. I just tried to reproduce the scenario you mentioned and I got the same result. For the session that has already user-ip mapping from user-id agent, I was not getting redirection to captive portal despite fact that I configured in authentication policy source as "any" and&nbsp;Authentication Enforcement: default-web-form. Based on my test I would say what you are experiencing is expected, however I could not find any reference in documentation to back this up.</P><P>&nbsp;</P><P>Kind Regards</P><P>Pavel</P> Fri, 22 Oct 2021 13:53:55 GMT PavelK 2021-10-22T13:53:55Z https://live.paloaltonetworks.com/t5/general-topics/authentication-of-users-through-captive-portal-query/m-p/442886#M100152 <P>Hi Team,</P><P>&nbsp;</P><P>We had configured captive portal on the firewall recently.</P><P>&nbsp;</P><P>In Authentication policy we had selected source users as any and we are using Active Directory for Authentication.</P><P>&nbsp;</P><P>Also we had configured agentless user-id mapping on the firewall and server monitoring to fetch details from AD server for User-IP mapping to feed onto the firewall.</P><P>&nbsp;</P><P>When an unknown user tries to access internet we are getting captive portal re-direction but for devices which have user-ip mapping fetched from AD server Captive portal redirection is not happening.</P><P>&nbsp;</P><P>Is this an expected behaviour for users who are already got user-IP mapped through AD source to not get Captive portal redirection.</P><P>&nbsp;</P><P>I had seen previously it works for Global Protect users but not sure about AD users.</P><P>&nbsp;</P><P>Done troubleshooting as per below doc also:</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZiCAK#:~:text=Verify%20Captive%20Portal%20is%20enabled,for%20the%20traffic%20in%20question" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZiCAK#:~:text=Verify%20Captive%20Portal%20is%20enabled,for%20the%20traffic%20in%20question</A>.</P><P>&nbsp;</P><P>Also SSL forward proxy decryption is configured on the firewall.</P><P>&nbsp;</P><P>Thanks in advance</P><P>&nbsp;</P> Fri, 22 Oct 2021 12:32:47 GMT https://live.paloaltonetworks.com/t5/general-topics/authentication-of-users-through-captive-portal-query/m-p/442886#M100152 tamilvanan 2021-10-22T12:32:47Z https://live.paloaltonetworks.com/t5/general-topics/authentication-of-users-through-captive-portal-query/m-p/442912#M100155 <P>Thank you for the post&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/165087">@tamilvanan</a></P><P>&nbsp;</P><P>I am running similar setup in multiple Firewalls. I just tried to reproduce the scenario you mentioned and I got the same result. For the session that has already user-ip mapping from user-id agent, I was not getting redirection to captive portal despite fact that I configured in authentication policy source as "any" and&nbsp;Authentication Enforcement: default-web-form. Based on my test I would say what you are experiencing is expected, however I could not find any reference in documentation to back this up.</P><P>&nbsp;</P><P>Kind Regards</P><P>Pavel</P> Fri, 22 Oct 2021 13:53:55 GMT https://live.paloaltonetworks.com/t5/general-topics/authentication-of-users-through-captive-portal-query/m-p/442912#M100155 PavelK 2021-10-22T13:53:55Z https://live.paloaltonetworks.com/t5/general-topics/authentication-of-users-through-captive-portal-query/m-p/442926#M100157 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/165087">@tamilvanan</a>,</P> <P>This is expected behavior. Captive Portal only triggers on unknown users and doesn't trigger for IPs that already have a user-id mapping.&nbsp;</P> Fri, 22 Oct 2021 14:12:54 GMT https://live.paloaltonetworks.com/t5/general-topics/authentication-of-users-through-captive-portal-query/m-p/442926#M100157 BPry 2021-10-22T14:12:54Z