Captive Portal SSL Problem

Reply
Highlighted
L2 Linker

Captive Portal SSL Problem

I tried to configure my PaloAlto with a captive portal, but something seems to be wrong, as i don't get any login form.

As I use the captive portal in redirect-mode, the firewall forwards my browser request to something like https://publicWLAN:6082. This seems to work right. I also got a "allow" Log entry on my traffic log.

I tried to analyze the traffic from my test-computer (Wireshark on my test-computer) to this https://publicWLAN:6082/... . I can see a TCP-Session setup, ONE SSL Hello from my Client to the Firewall and Session close packets (initiated from firewall). So it seems to be something wrong with the SSL handshake.

So, how can I debug this SSL handshake on the Paloalto.

L4 Transporter

Re: Captive Portal SSL Problem

Hirslanden,

Where did you get your certs from?

You might try using firefox with firebug to help with the troubleshooting,

What do the PAN logs say?

If your stuck you should contact Paloalto support and allow us to help you through this.

(866) 898-9087

~Phil


L2 Linker

Re: Captive Portal SSL Problem

Hi Phil

Same Cert works fine with SSL VPN. I generated it on the PaloAlto. I tested the Captive Portal with a external generated Cert too.

In which logfile should I find some capitve debug messages.I took a look at a lot of logfiles but couldn't find any useful information.

Marco

L2 Linker

Re: Captive Portal SSL Problem

It was the Certificate...bit I don't understand why the same Cert works fine with SSL-VPN.

Additionally, my AV-Scanner did some strange things which got me some wrong debug results.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!