https://live.paloaltonetworks.com/t5/general-topics/is-captive-portal-triggered-when-using-quot-any-quot-as-user-in/m-p/3022#M2249 <HTML><HEAD></HEAD><BODY><P>When you have no IP to user mapping for a particular IP address, for traffic that comes in on a zone that has User Identification enabled, AND a CP policy is enabled, then the CP page should be triggered.</P><P></P><P>When looking at the Security policy, you are trying to restrict traffic for only "Known" users - whether they known via the User ID agent, or CP, or GP, the security policy will control what traffic is allowed for what users.</P><P></P><P>If you choose to put "unknown" or "any" - that would imply that you do not really care about "known" users.</P><P>The security policy is more for controlling who gets what access.</P><P>To trigger the CP policy, you ought to look at the CP policy and the zones and addresses for which you'd like the CP policy triggered.</P></BODY></HTML> Sat, 26 Jul 2014 07:19:03 GMT sjamaluddin 2014-07-26T07:19:03Z https://live.paloaltonetworks.com/t5/general-topics/is-captive-portal-triggered-when-using-quot-any-quot-as-user-in/m-p/3020#M2247 <HTML><HEAD></HEAD><BODY><P>I read a lot of captive portal set up. In almost every documents says that the user "unknown" doesn't trigger the captive portal. I think that the "any" user also included the "unknown" user, I'm not quite sure if those rules are gonna trigger the captive portal policy [And I don't want to]</P></BODY></HTML> Mon, 21 Jul 2014 22:30:01 GMT https://live.paloaltonetworks.com/t5/general-topics/is-captive-portal-triggered-when-using-quot-any-quot-as-user-in/m-p/3020#M2247 GLastra 2014-07-21T22:30:01Z https://live.paloaltonetworks.com/t5/general-topics/is-captive-portal-triggered-when-using-quot-any-quot-as-user-in/m-p/3021#M2248 <HTML><HEAD></HEAD><BODY><P>Yes, I have tested this in the lab and it does trigger Captive Portal when using "any" as user in security policy.</P><P></P><P>If you have security rule with user as "Unknown" it will work fine, and triggers captive portal login page..</P><P>If you have security rule with user as "any" it will work fine. and triggers captive portal login page</P><P>If you have security rule with user as "Known-user" it will not work because captive portal is only for unknown users.</P><P></P><P>To learn more about captive portal here is a link:</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-1159">How to Configure Captive Portal</A></P><P></P><P>Let me know if you have any questions.'</P><P></P><P>Regards,</P><P>Dileep</P></BODY></HTML> Tue, 22 Jul 2014 08:24:55 GMT https://live.paloaltonetworks.com/t5/general-topics/is-captive-portal-triggered-when-using-quot-any-quot-as-user-in/m-p/3021#M2248 dreputi 2014-07-22T08:24:55Z https://live.paloaltonetworks.com/t5/general-topics/is-captive-portal-triggered-when-using-quot-any-quot-as-user-in/m-p/3022#M2249 <HTML><HEAD></HEAD><BODY><P>When you have no IP to user mapping for a particular IP address, for traffic that comes in on a zone that has User Identification enabled, AND a CP policy is enabled, then the CP page should be triggered.</P><P></P><P>When looking at the Security policy, you are trying to restrict traffic for only "Known" users - whether they known via the User ID agent, or CP, or GP, the security policy will control what traffic is allowed for what users.</P><P></P><P>If you choose to put "unknown" or "any" - that would imply that you do not really care about "known" users.</P><P>The security policy is more for controlling who gets what access.</P><P>To trigger the CP policy, you ought to look at the CP policy and the zones and addresses for which you'd like the CP policy triggered.</P></BODY></HTML> Sat, 26 Jul 2014 07:19:03 GMT https://live.paloaltonetworks.com/t5/general-topics/is-captive-portal-triggered-when-using-quot-any-quot-as-user-in/m-p/3022#M2249 sjamaluddin 2014-07-26T07:19:03Z