We have got a captive portal set up for guest access which terminates on our Palo Alto firewalls. To meet our code of connection we need to capture DHCP lease offers but by default this does not seem possible.
DHCP lease ends are sent to the system log under the event lease-end, but to accurately ascertain when users connected to wireless we need to capture the full sequence of events ie. DHCP Offer, Portal Login and subsequent DHCP lease end and Portal session timeout.
The CLI command show dhcp lease all provides information on offered leases so one machanism which has been suggested is to script this to be pulled off the firewall, but this is not ideal.
Any further suggestions would be more than welcome!
Paul Woolnough - CCNP, CCDP
ICT Infrastructure Engineer - Networks
University Campus Suffolk
It sounds like yo are using the Paloalto as the DHCP server. Our implementation is rather simple and has very few options. There are no user configurable options other than what you see in the GUI.
Hi skrall, Yes we are using DHCP and by default it sends the lease end to SYSLOG, but most standard implementations also log the DHCP OFFER request also, it must obviously be happening but where does the Palo Alto put it? Thanks Paul
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!