Captive Portal on second firewall

Cyber Elite

Captive Portal on second firewall

Hi community


Most of you know about the captive portal feature on paloalto firewalls, to get user-ids for not yet somehow authenticated users. All this is also well documented exept this situation: 

I was wondering if it is possible to configure the captive portal redirect host to an FQDN which points to an interface on another paloalto firewall. Then the user logs in there and the mapping will be redistributed to the first firewall which initiated the redirect. Technically this seems perfectly possible, but I wondet if the redistribution is fast enough that the first firewall knows about the mapping when the second firewall redirects the user back to the initial website that the user tried to open. Has anyone already configured the captive portal this way and could maybe already confirm this works?


(I hope my explanation is not too confusing :P   )


Thanks in advance,


L7 Applicator

@vsys_remo I feel like I should challenge you to try and set it up, document your findings and then publish your journey here as a guest article ;)

Tom Piens -
Like my answer? check out my book!
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!