Issue with Captive Portal

Reply
L3 Networker

Issue with Captive Portal

Our domain joined computers are getting prompted to sign into captive portal, however this is a random occurrence as some occasions it wouldn’t and we would be able to connect to the internet. How to stop this issue?

 

Community Manager

Re: Issue with Captive Portal

Are you using User-ID agent as your main collection method and CP as backup?

you may need to increase the "user identification timeout"  which is set to 45 minutes by default

 

if most of your users spend most of their day at the same computer, you could set this to about 8-9 hours (length of a kerberos ticket lifetime) so your users only need to log on in the morning to keep being identified throughout the day. 

 

if your users are highly mobile, you could opt to enable probing so the firewall queries the unidentified host for it's 'credentials' 


Help the community: Like helpful comments and mark solutions
Reaper out
L3 Networker

Re: Issue with Captive Portal

@reaper ,

 

Issue started after Implementation of  Radius accounting from Aruba Clearpass to Palo Alto Firewall.

We have created an auth profile referencing the radius and under Device > Management > authentication settings calling upon this profile for authentication. Below is our CP setup. Which timer we need to change here?

 

CaptivePortal.jpg

Community Manager

Re: Issue with Captive Portal

@FarzanaMustafa  so there's no user-id agent?

 

in that case you'll probably want to look into the idle timer or timer (timer is 10 hours, so probably not the problem), idle time is fairly short


Help the community: Like helpful comments and mark solutions
Reaper out
L3 Networker

Re: Issue with Captive Portal

We do use User-ID Agent and also tried changing the idle time but no luck.

In the end, we logged case with Support team and issue was resolved after upgrading the PANOS.

We also upgraded Aruba Clearpass.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!