Issue with Captive Portal

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Issue with Captive Portal

L4 Transporter

Our domain joined computers are getting prompted to sign into captive portal, however this is a random occurrence as some occasions it wouldn’t and we would be able to connect to the internet. How to stop this issue?

 

1 accepted solution

Accepted Solutions

We do use User-ID Agent and also tried changing the idle time but no luck.

In the end, we logged case with Support team and issue was resolved after upgrading the PANOS.

We also upgraded Aruba Clearpass.

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

Are you using User-ID agent as your main collection method and CP as backup?

you may need to increase the "user identification timeout"  which is set to 45 minutes by default

 

if most of your users spend most of their day at the same computer, you could set this to about 8-9 hours (length of a kerberos ticket lifetime) so your users only need to log on in the morning to keep being identified throughout the day. 

 

if your users are highly mobile, you could opt to enable probing so the firewall queries the unidentified host for it's 'credentials' 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper ,

 

Issue started after Implementation of  Radius accounting from Aruba Clearpass to Palo Alto Firewall.

We have created an auth profile referencing the radius and under Device > Management > authentication settings calling upon this profile for authentication. Below is our CP setup. Which timer we need to change here?

 

CaptivePortal.jpg

@FarzanaMustafa  so there's no user-id agent?

 

in that case you'll probably want to look into the idle timer or timer (timer is 10 hours, so probably not the problem), idle time is fairly short

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

We do use User-ID Agent and also tried changing the idle time but no luck.

In the end, we logged case with Support team and issue was resolved after upgrading the PANOS.

We also upgraded Aruba Clearpass.

Hi,

 

Can you tell me what version of PAN OS has this problem and in what version it was fixed? I also have similar issue and wanted to confirm about the effected version. 

 

Regards, Nagarjuna  

Hi @FarzanaMustafa . Could you please provide the PAN-OS version you had the issue with.

 

 

  • 1 accepted solution
  • 5188 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!