I would like to configure my PA-200 in such a way that when the user tries to browse a web site, he is presented with the captive portal. On this page I would like to display a "Terms of Service" banner telling him about acceptable use etc. I do NOT wish to authenticate individual users.
A simple banner and an I Accept/Cancel button would suffice. Is there any way to implement this on Palo Alto?
Thanks a lot.
Why use captive portal for this? Captive Portal is a method used for user-to-IP mapping wherein the user would pass on the credentials for IP mapping. Setting all your URL categories to Continue / Override should be easier...!!!
Hope this helps..!!!
Captive portal is used for ip-user mapping and it is not possible to change the behavior to display only the terms and conditions page. You can achieve this by using URL continue page. You can define your customized URL continue page and then import it to the box.
Thanks guys. I will give this a try tomorrow.
Will it be cached so that the user isn't asked multiple times for different categories?
Also, can this govern other policies, so that the user has to accept before other firewall rules are enabled for him?
"Also, can this govern other policies, so that the user has to accept before other firewall rules are enabled for him?" Can you please elaborate a little more on this? As per my understanding, you want this Acceptance page as and when the user opens a browser for surfing the internet.
If that is the case, then you will need to attach the URL Filtering profile to all the security rules that allow internet access.
Hope this helps...!!!
I'll try to explain.
When the user connects to the network he should have access to nothing.
After the user accepts other policies might be enabled for him allowing him to vpn etc.
I got the problem somewhat resolved.
The only way we could get it to behave properly was with captive portal.
Basically there is a ToS text and a phrase that says you accept these terms by logging on with guest/guest user account.
If only there was a way to revert to regular HTTP instead of using SSL on captive portal...
I don't think it is possible.
If you choose none as server certificate, the firewall will use the local default certificate to provide an SSL connection.
It is complex, but it can be done.
Create local user accounts, point authentication to local. Then when you make the custom page, just hide their form and create your own with the username and password filled in. Hide their login button and replace it with your own. Then set up your onClick to click theirs. Kind of ridiculous, but it can be done.
Hopefully this makes sense. I'm not the best at explaining....