This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Authentication of Users through Captive portal query

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Authentication of Users through Captive portal query

tamilvanan
L3 Networker

‎10-22-2021 05:28 AM - edited ‎10-22-2021 05:32 AM

Hi Team,

 

We had configured captive portal on the firewall recently.

 

In Authentication policy we had selected source users as any and we are using Active Directory for Authentication.

 

Also we had configured agentless user-id mapping on the firewall and server monitoring to fetch details from AD server for User-IP mapping to feed onto the firewall.

 

When an unknown user tries to access internet we are getting captive portal re-direction but for devices which have user-ip mapping fetched from AD server Captive portal redirection is not happening.

 

Is this an expected behaviour for users who are already got user-IP mapped through AD source to not get Captive portal redirection.

 

I had seen previously it works for Global Protect users but not sure about AD users.

 

Done troubleshooting as per below doc also:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZiCAK#:~:text=Verify%20C....

 

Also SSL forward proxy decryption is configured on the firewall.

 

Thanks in advance

 

0 Likes Likes
2 REPLIES 2

PavelK
Cyber Elite
Cyber Elite

‎10-22-2021 06:53 AM

Thank you for the post @tamilvanan

 

I am running similar setup in multiple Firewalls. I just tried to reproduce the scenario you mentioned and I got the same result. For the session that has already user-ip mapping from user-id agent, I was not getting redirection to captive portal despite fact that I configured in authentication policy source as "any" and Authentication Enforcement: default-web-form. Based on my test I would say what you are experiencing is expected, however I could not find any reference in documentation to back this up.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

BPry
Cyber Elite
Cyber Elite

‎10-22-2021 07:12 AM

@tamilvanan,

This is expected behavior. Captive Portal only triggers on unknown users and doesn't trigger for IPs that already have a user-id mapping. 

  • 2431 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks