I've a requirement to validate users from the Internet (untrust) when connecting to the Internal (trust) network. I followed all the steps marked in the Admin guide and elsewhere for setting up captive portal, but somehow it is not working. Just to be sure, I followed the same steps for Trust to Untrust and it is working as expected. So I'm perplexed whether this is possible at all for my requirement (Untrust to Trust) or I'm missing something. Any help or suggestion will be greatly appreciated.
Do you have an "Interface Management Profile" applied to your "Untrust" Zone? Without this being applied captive portal won't kick-off.
I pulled this from the contextual help menu:
"Response Pages—Use to enable response pages for:
Captive Portal—The ports used to serve Captive Portal response pages are left open on Layer 3 interfaces: port 6080 for NTLM, 6081 for Captive Portal without an SSL/TLS Server Profile, and 6082 for Captive Portal with an SSL/TLS Server Profile. For details, see Device > User Identification > Captive Portal Settings.
URL Admin Override—For details, see Device > Setup > Content-ID."
Thanks a lot for your response. I was missing the User-ID check on the untrust zone. After enabling it, it is working like a charm. Appreciate your help on this. Have a good one!!!!
I'd be careful with this setting:
"By only enabling User-ID on internal and trusted zones, there is no exposure of these services to the Internet, which helps to keep this service protected from any potential attacks. If User-ID and WMI probing are enabled on an external untrusted zone (such as the Internet), probes could be sent outside your protected network, resulting in an information disclosure of the User-ID Agent service account name, domain name, and encrypted password hash. This information has the potential to be cracked and exploited by an attacker to gain unauthorized access to protected resources. For this important reason, User-ID should never be enabled on an untrusted zone."
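Added example, not part of any post in this thread and not vendor code: a small audit that reads a firewall configuration export and reports every untrusted zone that has User-ID enabled, which is the condition the quoted guidance warns about. The sample XML is constructed, the element names (`zone`, `enable-user-identification`, `network`, `member`) are assumed to match the layout of a PAN-OS XML config export, and the set of zone names treated as untrusted is supplied by the operator.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like the zone section of a PAN-OS XML config export
# (layout and element names are assumptions; verify against your own export).
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <zone>
    <entry name="trust">
      <network><layer3><member>ethernet1/2</member></layer3></network>
      <enable-user-identification>yes</enable-user-identification>
    </entry>
    <entry name="untrust">
      <network><layer3><member>ethernet1/1</member></layer3></network>
      <enable-user-identification>yes</enable-user-identification>
    </entry>
    <entry name="dmz">
      <network><layer3><member>ethernet1/3</member></layer3></network>
    </entry>
  </zone>
</entry></vsys></entry></devices></config>
"""


def userid_on_untrusted_zones(config_xml, untrusted_zones):
    """Return (zone, interfaces) for each untrusted zone with User-ID enabled."""
    root = ET.fromstring(config_xml)
    findings = []
    for zone in root.iter("zone"):
        for entry in zone.findall("entry"):
            name = entry.get("name")
            # A missing element is treated as "no" (User-ID not enabled).
            enabled = (entry.findtext("enable-user-identification") or "no").strip()
            if name not in untrusted_zones or enabled != "yes":
                continue
            # Collect only interface members, not members of any user ACL lists.
            network = entry.find("network")
            members = [m.text for m in network.iter("member")] if network is not None else []
            findings.append((name, members))
    return findings


if __name__ == "__main__":
    for zone, ifaces in userid_on_untrusted_zones(SAMPLE_CONFIG, {"untrust"}):
        print(f"User-ID enabled on untrusted zone {zone!r} (interfaces: {ifaces})")
```
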