https://live.paloaltonetworks.com/t5/general-topics/third-party-radius-otp-captive-portal/m-p/5816#M4249 <HTML><HEAD></HEAD><BODY><P>As soon as you authenticate through SSL-VPN, we know the user and Captive Portal rules don't kick in anymore. Captive Portal rules are only applied for unknown-users. Based on what kind of firewall you have, you could setup two vsys and route traffic between them. The first vsys would terminate the SSL-VPN and then route traffic to the second one, which runs Captive Portal. User-ID information is not shared among vsys, which means that even though the first vsys identifies the user correctly, the user would be unknown for vsys two and Captive Portal rules would be applied.</P></BODY></HTML> Fri, 10 Feb 2012 18:13:22 GMT mwalter 2012-02-10T18:13:22Z https://live.paloaltonetworks.com/t5/general-topics/third-party-radius-otp-captive-portal/m-p/5815#M4248 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>We are implementing a Nordic-Edge Server that provides radius and otp services. Once you have enter the user/password credentials in VPN-SSL portal , you get another screen which prompts you for the OTP that is sent by SMS.</P><P></P><P>The auth is OK , but the security policies are based in Active Directory users and groups. In order to solve it we are implementing a Captive Portal which is never shown.</P><P></P><P>Any Suggestions?</P><P></P><P>Thanks.</P></BODY></HTML> Fri, 10 Feb 2012 11:14:30 GMT https://live.paloaltonetworks.com/t5/general-topics/third-party-radius-otp-captive-portal/m-p/5815#M4248 LCMember1361 2012-02-10T11:14:30Z https://live.paloaltonetworks.com/t5/general-topics/third-party-radius-otp-captive-portal/m-p/5816#M4249 <HTML><HEAD></HEAD><BODY><P>As soon as you authenticate through SSL-VPN, we know the user and Captive Portal rules don't kick in anymore. Captive Portal rules are only applied for unknown-users. Based on what kind of firewall you have, you could setup two vsys and route traffic between them. The first vsys would terminate the SSL-VPN and then route traffic to the second one, which runs Captive Portal. User-ID information is not shared among vsys, which means that even though the first vsys identifies the user correctly, the user would be unknown for vsys two and Captive Portal rules would be applied.</P></BODY></HTML> Fri, 10 Feb 2012 18:13:22 GMT https://live.paloaltonetworks.com/t5/general-topics/third-party-radius-otp-captive-portal/m-p/5816#M4249 mwalter 2012-02-10T18:13:22Z https://live.paloaltonetworks.com/t5/general-topics/third-party-radius-otp-captive-portal/m-p/5817#M4250 <HTML><HEAD></HEAD><BODY><P>OK,</P><P></P><P>thank you very much mwalter.</P></BODY></HTML> Tue, 14 Feb 2012 12:41:33 GMT https://live.paloaltonetworks.com/t5/general-topics/third-party-radius-otp-captive-portal/m-p/5817#M4250 LCMember1361 2012-02-14T12:41:33Z