We have recently upgraded our HA firewall cluster (PA-3020) from 7.1.22 to 9.1.6 following the suggested upgrade path by PA.
We have captive portal in place, before the upgrade, all our corporate windows 10 laptops as soon as we power them on, they used to connect to our corporate Wi-Fi and allowed users to login as per normal.
Since the time we have upgraded the PAN-OS to 9.1.6, corporate laptops are not connecting to our desired wireless network straight away, there is a warning message on Wi-Fi network icon and it says "action needed", when we click on this, it gives an option to connect to that wireless network and then it goes ahead and connects.
We expect all our corporate devices to connect to our wireless network without having to go through this.
Could anyone suggest on this please?
Thanks for your response.
Yes, yesterday we did try disabling NCSI and NLA (active probing for internet) on one of the test laptop by editing the registry settings and that works good.
However, we would like to know if there is any way on Palo Alto we could get this working without being modifying the settings on all laptops
Also, I believe there is some difference to PAN-OS 7.1.22 compared to 9.1.6 in terms of behavior of the captive portal, as with 7.1.22 we used to have the laptops working without being NLA and NCSI disabled.
Any thoughts on this will be really helpful
That's where the second part of my above post comes in. You haven't been getting content updates for a while, so when you upgraded to 9.1 its possible your allowed app-ids changed and Windows can no longer pass a connectivity check. Make sure that Windows can actually perform a connectivity test prior to signing into the portal, because if it thinks your SSID has absolutely no internet access you'll get this prompt.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!