This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Captive Portal Behavior

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Captive Portal Behavior

Go to solution
bbsoc
L2 Linker

‎08-09-2013 10:46 AM

We have configured the captive portal for category 'Adult and Pornography' . Our question is, will the captive portal start every time or only when you are an unknown user? If the user is known (using Active Directory), is the user still being prompted with the 'User Identification Portal' Continue page?

Thank You!

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
kprakash
L5 Sessionator

‎08-09-2013 11:26 AM

Captive portal works only for unknown users ( users for whom the ip-user mapping via AD, UIA, GP is not learnt about ). Known users will not be prompted for the captive portal authentication.

BR,

Karthik

View solution in original post

0 Likes Likes
4 REPLIES 4

Go to solution
sraghunandan
L5 Sessionator

‎08-09-2013 11:26 AM

The user can be know using 3 diff ways User-id agent, captive portal and gp. So if the user not know either by user-id agent or Global Protect(ssl vpn client) they should be hitting your Captive portal rule.

following docs will help:-

https://live.paloaltonetworks.com/docs/DOC-1159

https://live.paloaltonetworks.com/docs/DOC-1040

Go to solution
kprakash
L5 Sessionator

‎08-09-2013 11:26 AM

Captive portal works only for unknown users ( users for whom the ip-user mapping via AD, UIA, GP is not learnt about ). Known users will not be prompted for the captive portal authentication.

BR,

Karthik

0 Likes Likes

Go to solution
UhMayYeah
L5 Sessionator

‎08-09-2013 11:27 AM

CP page would be prompted for an Unknown user if the ingress interface an User-Id enabled and CP policy is matched.

0 Likes Likes

Go to solution
HITSSEC
L4 Transporter

‎08-09-2013 04:49 PM

Bbsoc,

The captive portal rules identify the sources destinations and destination ports that captive portal will be applied to or suppressed.  This only kicks in if PA does not have a user-id to IP mapping. (as mentioned by previous posts)  Since it is not possible to define all the IP addresses of "adult content sites" this approach will not work well.  The other approach is to force captive portal on everyone and use AD group membership to control who can go to adult content sites.  Alternatively you can require them to provide a password (action = override) to access that url category.  Risk here is you don't know who is using the password and if it is being shared. Hope this helps.

Phil

  • 1 accepted solution
  • 4184 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks