This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Captive Portal Question - Demo Unit

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Captive Portal Question - Demo Unit

rjoshua
Not applicable

‎10-18-2010 10:17 AM

Hello everyone,

I'm currently demo'ing a unit configuring it to our projected needs.  One of the things I'm currently working on it user authentication to the net and am hoping you guys can help me out with this.  I have the captiveportal setup using NTLM and the logs show my user authenticating when I goto an outside web address so that seems to be working fine.  However, we have the following scenerio:

Most users will be able to authenticate through the normal NTLM Captive Portal. However, some users are generic users, i.e. app.user, that a nurse would use on a PC at a nurses station. It would have access to a couple of medical websites with out issue and that's it.  But Doc Brown decideds to use this PC to check up on his stocks or the golf scores and puts in www.wasteoftime.com.  I don't want him to be rejected, and I certainly can't ask him to log out of the machine and back in, can I have a web form pop up and ask him for his login with his user and pass instead since the site he's trying to goto is not one authorized under the policy for this generic user?  Can someone point me to such documentation on how to setup a similiar scenerio or provide some quick input?

Thank you for your time,

Raun

0 Likes Likes
1 REPLY 1

skrall
L4 Transporter

‎10-18-2010 04:06 PM

Captive portal has only a few fields that can be used to trigger,  Src/Dst Zones and  Src/Dst Address.You should try creating a captive portal page for the Dest Zone = your_internet_Access_zone.  If they surf internal resources, standard policy rules apply. If they use the PDA or tablet to surf the internet they will get a popup screen to authenticate. You will probably have to configure RADIUS authentication to make this work.

Steve Krall

  • 2504 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks