https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6759#M4957 <HTML><HEAD></HEAD><BODY><P>The limit is rather how many concurrent ssl terminations the box you have can do. If you have plenty of SSL traffic to decrypt you might need to step up one or two models (in terms of number of concurrent ssl sessions).</P></BODY></HTML> Mon, 20 Aug 2012 22:46:15 GMT mikand 2012-08-20T22:46:15Z https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6754#M4952 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P><SPAN>Captive portal is working fine for http traffic( asking for authentication ), But for https traffic it is not asking for the authentication. For example if user types facebook.com, asking authentication if types </SPAN><A class="jive-link-external-small" href="https://facebook.com">https://facebook.com</A><SPAN> then it is allowing without asking for authentication. I have added both http and https services in captive portal policy.</SPAN></P><P></P><P>Installed PAN OS version is 4.1.7 (As per release notes it should support captive portal for https traffic too)</P><P>Please help me to fix this issue.</P><P></P><P>Regards</P><P>Guru.</P></BODY></HTML> Wed, 08 Aug 2012 12:40:52 GMT https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6754#M4952 Gururaj 2012-08-08T12:40:52Z https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6755#M4953 <HTML><HEAD></HEAD><BODY><P>Maybe you need to activate a SSL decryption in the firewall.</P><P></P><P>Regards</P><P>Marco Herrera.</P></BODY></HTML> Wed, 08 Aug 2012 16:35:54 GMT https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6755#M4953 arkadios 2012-08-08T16:35:54Z https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6756#M4954 <HTML><HEAD></HEAD><BODY><P>Hi Marco,</P><P>Thank You,..That worked, Please I need Some more help,</P><OL><LI>If i enable decryption for all traffic ( Any URL Category ) that will slow down's the box performance. Is there any other way to minimize this ?</LI><LI>And also it gives two certificates, one for decrypt policy and another for captive portal which will irritate the users.</LI></OL><P></P><P></P><P>Regards</P><P>Guru</P></BODY></HTML> Thu, 09 Aug 2012 04:52:22 GMT https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6756#M4954 Gururaj 2012-08-09T04:52:22Z https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6757#M4955 <HTML><HEAD></HEAD><BODY><P>Just decrypt a Social pages or pages you need to "block" over SSL... to not slow down a box performance... (is just an idea), you can do this with 2 policies in Policies -&gt; decryption: Options Tab -&gt; No Decrypt / Decrypt</P><P></P><P>And i don't know about point 2 <img id="smileysad" class="emoticon emoticon-smileysad" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-sad.png" alt="Smiley Sad" title="Smiley Sad" /> sorry...</P><P></P><P>Regards</P><P>Marco.</P></BODY></HTML> Thu, 09 Aug 2012 16:07:48 GMT https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6757#M4955 arkadios 2012-08-09T16:07:48Z https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6758#M4956 <HTML><HEAD></HEAD><BODY><P>Decryption is done by dedicated CPUs , you shouldn't expect slowdowns (we don't over here)</P><P></P><P>If you do the job correctly, decryption shoudldn't create SSL certificate warning ( Root CA must be trusted on your company computers). there are many guides about that on this portal.</P></BODY></HTML> Tue, 14 Aug 2012 12:49:38 GMT https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6758#M4956 essnet 2012-08-14T12:49:38Z https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6759#M4957 <HTML><HEAD></HEAD><BODY><P>The limit is rather how many concurrent ssl terminations the box you have can do. If you have plenty of SSL traffic to decrypt you might need to step up one or two models (in terms of number of concurrent ssl sessions).</P></BODY></HTML> Mon, 20 Aug 2012 22:46:15 GMT https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6759#M4957 mikand 2012-08-20T22:46:15Z https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6760#M4958 <HTML><HEAD></HEAD><BODY><P>Thank you All,</P><P></P><P>Regards</P><P>Guru.</P></BODY></HTML> Tue, 21 Aug 2012 04:32:04 GMT https://live.paloaltonetworks.com/t5/general-topics/in-captive-portal-not-asking-for-authentication-for-https/m-p/6760#M4958 Gururaj 2012-08-21T04:32:04Z