Captive Portal Behavior

Reply
Highlighted
L2 Linker

Captive Portal Behavior

We have configured the captive portal for category 'Adult and Pornography' . Our question is, will the captive portal start every time or only when you are an unknown user? If the user is known (using Active Directory), is the user still being prompted with the 'User Identification Portal' Continue page?

Thank You!

L5 Sessionator

Re: Captive Portal Behavior

The user can be know using 3 diff ways User-id agent, captive portal and gp. So if the user not know either by user-id agent or Global Protect(ssl vpn client) they should be hitting your Captive portal rule.

following docs will help:-

https://live.paloaltonetworks.com/docs/DOC-1159

https://live.paloaltonetworks.com/docs/DOC-1040

L5 Sessionator

Re: Captive Portal Behavior

Captive portal works only for unknown users ( users for whom the ip-user mapping via AD, UIA, GP is not learnt about ). Known users will not be prompted for the captive portal authentication.

BR,

Karthik

L5 Sessionator

Re: Captive Portal Behavior

CP page would be prompted for an Unknown user if the ingress interface an User-Id enabled and CP policy is matched.

L4 Transporter

Re: Captive Portal Behavior

Bbsoc,

The captive portal rules identify the sources destinations and destination ports that captive portal will be applied to or suppressed.  This only kicks in if PA does not have a user-id to IP mapping. (as mentioned by previous posts)  Since it is not possible to define all the IP addresses of "adult content sites" this approach will not work well.  The other approach is to force captive portal on everyone and use AD group membership to control who can go to adult content sites.  Alternatively you can require them to provide a password (action = override) to access that url category.  Risk here is you don't know who is using the password and if it is being shared. Hope this helps.

Phil

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!