I noticed this in the PAN-OS 3.1.2 release notes :
Captive Portal Session Enhancements – The captive portal web forms method of authenticating
and identifying a user’s IP address has been modified to include a session cookie. This session
cookie is used to maintain the user to IP mapping as long as the users’ browser remains
running. In addition, an option to use an explicit L3 interface for the captive portal web form
can now be used to avoid certificate mismatch issues when presenting the form via SSL.
Does this mean that we can directly connect to captive portal web form without having the need to be redirected? If yes, i have installed the 3.1.2 version of PAN-OS, but i don't find any option to slect this kind of function. Any idea?
we still need to have sessions redirected to the Paloalto device to inject the captive portal form.
Can we make this a feature request? The ability to have non AD users go to a webforms page and authenticate without needing the be redirected first would be awesome.
One way to get this behavior would be to setup a hostname in DNS that resolves to any IP address that would be routed through the firewall and would hit a captive portal rule. For example, if you added a DNS entry for login.mycompany.com that resolved to 18.104.22.168 and 22.214.171.124 was routed through an interface on the firewall with a CP rule for 126.96.36.199, they would get the login page. The DNS part isn't actually required for this. You could simply tell people to go to 188.8.131.52 if you wanted. 184.108.40.206 just needs to be some IP address that will get routed through the firewall. Could be a public IP or a private IP.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!