topic Re: passthrough page without authentication in General Topics

passthrough page without authentication

rossellamj — Fri, 14 Oct 2011 20:32:06 GMT

Hi all, I have a 2050 pair and I'm trying to find a way to prensent my users with a page with 'terms of use' that they would accept and continue on to a list of websites that I can control. I don't want to authenticate the users, just give them a splash page and let them go through, is this possible? Thanks in advance.

Re: passthrough page without authentication

gswcowboy — Fri, 14 Oct 2011 20:50:22 GMT

Are you referring to Captive Portal for 'Unknown' users? If that's the case, I don't believe it's feasible and this would fall under the category of a feature request. If' you're referring to users that are already authenticated in the network(probably not what you're referring to but...) you have the option to modify the url continue response page to your heart's content.

-Renato

Re: passthrough page without authentication

rossellamj — Fri, 14 Oct 2011 20:53:04 GMT

Yes, I was referring to 'unknown' users. I will see what I need to do to put in a feature request. Thanks for your reply.

Re: passthrough page without authentication

rossellamj — Fri, 14 Oct 2011 20:55:55 GMT

is the process for feature request still to submit to SE?

Re: passthrough page without authentication

gswcowboy — Fri, 14 Oct 2011 20:57:20 GMT

Yes, the FRs go through your Local Sales SE or Reseller.

Regards,

Renato

Re: passthrough page without authentication

rossellamj — Fri, 14 Oct 2011 21:06:51 GMT

So, in the meantime and as a workaround I should be able to use URL filtering to block all domains that are not mine, and then when the user tries to go somewhere else the URL block page gives an explanation of the terms of use. Do you think this would work? or can you think of other things I can do to get to the same result?

Re: passthrough page without authentication

gswcowboy — Fri, 14 Oct 2011 21:21:47 GMT

After giving it some more thought, you can create a security policy rule and select 'unknown' users and associate your url profile that has your modified response page that allows them only to your whitelisted urls. Disregard the feature request as this should work. No authentication as you're allowing 'unknown' users but to selected whitelisted urls while you block all other categories.

Regards,

Renato

Re: passthrough page without authentication

rossellamj — Sat, 22 Oct 2011 00:35:12 GMT

Alright, well.. this works but not completely. I've run into an issue with macs and iphones. See my rules here:

rule1: allow trust / ip:10.44.0.0/20 / user:unknown to:any application:dhcp/dns service:application-default action:allow profile:none

rule2: allow trust / ip:10.44.0.0/20 / user:unknown to:any application:any service:any action:allow profile:filter1

filter1: block all URLs + whitelist: *.chemeketa.edu

Everything works fine on Windows and on my very old Android phone, the user is redirected to the url-blocking page. Perfect!

Tried with a Mac and iphone: because I'm blocking www.apple.com the software thinks that my url-blocking page on the PAN is actually a Login page (like an authentication page that you get when you're doing actual user authentication). So the Login window pops up, if the user cancels out of that window he/she gets disconnected from the network. If the user disregards that Login page and opens up a browser they are redirected to my url-blocking page and everything looks normal. But this situation is confusing for the users that are presented with the Login page and won't know what to do or will cancel it.

We tried including www.apple.com in our whitelist. Now because the Mac client CAN go to www.apple.com no Login window pops up, however, www.apple.com doesn't render correctly and the users who have www.apple.com as their homepage are going to be all confused and are likely going to think their 'internet is broken'.

All I can think I can do now is just tell my users "If you get a Login page on your device, disregard it and just open a browser". Can you think of any other trick I can try to make this works as closely as possible to a passthrough page?

Thanks!

Re: passthrough page without authentication

gswcowboy — Sat, 22 Oct 2011 04:22:40 GMT

Hi,

What do you mean when you say "because I'm blocking www.apple.com the software thinks that my url-blocking page on the PAN is actually a Login page (like an authentication page that you get when you're doing actual user authentication)." I'll have to test with an iPhone and perhaps an iPad but would like to know more as to what you're referring to above.

Thanks,

Renato

Re: passthrough page without authentication

jleung — Sun, 23 Oct 2011 07:13:34 GMT

Hi,

If you don't want the apple homepage to be broken you could use *.apple.com instead. There are many imagesand files hosted in other domains such as image.apple.com. You need wildcard.

Regards,

Jones

Re: passthrough page without authentication

rossellamj — Mon, 24 Oct 2011 16:09:33 GMT

that works, thanks.