The attached document gives step-by-step instructions for configuring captive portal. Four scenarios are covered:
Web form login page- Transparent mode
Web form login page - Redirect mode
Starting with PAN-OS 5.0, the action previously named "captive-portal" is now "web-form." Only the name has changed. The web-form page prompts the unknown user for credentials.
The action previously named "ntlm-auth" is now "browser-challenge.".Only the name has changed. The browser-challenge action authenticates users behind the scenes through the NTLM support in the browser (for example, IE and Firefox).
Note: The 'no-captive-portal' action remains unchanged. When the initial traffic is https, Captive Portal will not be presented because of encryption. For HTTPS traffic to have Captive Portal launched, enable decryption. For more details reference the following link How to Implement and Test SSL Decryption