06-27-2011 08:44 AM
I tried to configure my PaloAlto with a captive portal, but something seems to be wrong, as i don't get any login form.
As I use the captive portal in redirect-mode, the firewall forwards my browser request to something like https://publicWLAN:6082. This seems to work right. I also got a "allow" Log entry on my traffic log.
I tried to analyze the traffic from my test-computer (Wireshark on my test-computer) to this https://publicWLAN:6082/... . I can see a TCP-Session setup, ONE SSL Hello from my Client to the Firewall and Session close packets (initiated from firewall). So it seems to be something wrong with the SSL handshake.
So, how can I debug this SSL handshake on the Paloalto.
06-29-2011 01:22 PM
Hirslanden,
Where did you get your certs from?
You might try using firefox with firebug to help with the troubleshooting,
What do the PAN logs say?
If your stuck you should contact Paloalto support and allow us to help you through this.
(866) 898-9087
~Phil
07-05-2011 01:38 AM
Hi Phil
Same Cert works fine with SSL VPN. I generated it on the PaloAlto. I tested the Captive Portal with a external generated Cert too.
In which logfile should I find some capitve debug messages.I took a look at a lot of logfiles but couldn't find any useful information.
Marco
07-07-2011 03:44 AM
It was the Certificate...bit I don't understand why the same Cert works fine with SSL-VPN.
Additionally, my AV-Scanner did some strange things which got me some wrong debug results.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
