I've been trying for the past day or so to get captive portal(web redirect) to work using an interface on the firewall other than the "TRUST" interface. I've gotten captive portal to work using the Trust interface just fine but I would like to move the Captive Portal's function to a different interface as a long-term solution.
Do you think that moving the CP to an explicit interface is an absolute necessity? If so, could you give me a basic rundown of what/how things need to be configured on the FW to get this working properly.
When configuring the explicit interface, I gave it an IP and Security Zone(no VR setting). I then modified the CP settings for redirect host to the IP address of the new interface. After commiting the changes and clearing the user-ip cache, I get redirected to the correct IP(after quite a while) and then get a "webpage cannot be displayed" page.
Any help/suggestions with this would be greatly appreciated and I thank you for your time. Also, if you need me to provide any other information please let me know.
Do you have 'Response Pages' allowed on the selected interface? A interface management profile can be configured Network -> Network Profiles -> Interface Mgmt
I would strongly recommend going over the following Captive Portal configuration document to ensure you have not missed any required configuration. https://live.paloaltonetworks.com/docs/DOC-1159
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!