https://live.paloaltonetworks.com/t5/general-topics/captive-portal-authentication-against-radius-with-palo-alto-vsa/m-p/35919#M26405 <HTML><HEAD></HEAD><BODY><P>The only way&nbsp; that the Palo Alto recognizes User-Groups is via LDAP or Active Directory</P></BODY></HTML> Thu, 06 Oct 2011 20:35:05 GMT dwhyte 2011-10-06T20:35:05Z https://live.paloaltonetworks.com/t5/general-topics/captive-portal-authentication-against-radius-with-palo-alto-vsa/m-p/35918#M26404 <HTML><HEAD></HEAD><BODY><P>Dear All,</P><P></P><P>Does everyone happened to know if Palo Alto can recognize the PaloAlto-User-Group (Palo Alto RADIUS VSA) if the authenticated user account is not belong to user group that RADIUS Server return?</P><P>I want to set the security policy rule and have a test for it.</P><P>If the user is belong to the user group that RADIUS return, the traffic can be processed against the policy with the user group.</P><P>If the user is not belong to the user group that RADIUS return, the traffic can not be processed against the policy with the user group.</P><P></P><P>In fact, we meet some environment that we cannot set user account in Palo Alto firewall.</P><P>(Ex. for roaming guest access.)</P><P>I hope that PA can offer such function.</P><P></P><P>Regards, Bobby</P></BODY></HTML> Thu, 06 Oct 2011 09:28:14 GMT https://live.paloaltonetworks.com/t5/general-topics/captive-portal-authentication-against-radius-with-palo-alto-vsa/m-p/35918#M26404 bobby549049 2011-10-06T09:28:14Z https://live.paloaltonetworks.com/t5/general-topics/captive-portal-authentication-against-radius-with-palo-alto-vsa/m-p/35919#M26405 <HTML><HEAD></HEAD><BODY><P>The only way&nbsp; that the Palo Alto recognizes User-Groups is via LDAP or Active Directory</P></BODY></HTML> Thu, 06 Oct 2011 20:35:05 GMT https://live.paloaltonetworks.com/t5/general-topics/captive-portal-authentication-against-radius-with-palo-alto-vsa/m-p/35919#M26405 dwhyte 2011-10-06T20:35:05Z