05-21-2012 06:35 AM
I would like to configure my PA-200 in such a way that when the user tries to browse a web site, he is presented with the captive portal. On this page I would like to display a "Terms of Service" banner telling him about acceptable use etc. I do NOT wish to authenticate individual users.
A simpe banner and an I Accept/Cancel button would suffice. Is there any way to implement this on Palo Alto?
Thanks a lot.
05-21-2012 09:39 AM
Why use captive portal for this? Captive Portal is a method used for user-to-ip-mapping wherein the user would pass on the credentials for ip-mapping. Setting all your URL categories to Continue / Override should be more easy...!!!
Hope this helps..!!!
05-21-2012 09:43 AM
Captive portal is used for ip-user mapping and it is not possible to change the behavior to display only the terms and conditions page. You can achieve this by using URL continue page. You can define your customized URL continue page and then import it to the box.
05-21-2012 01:24 PM
Thanks guys. I will give this a try tomorrow.
Will it be cached so that the users isnt asked multiple times for different categories?
Also, can this govern other policies, so that the user has to accept before other firewall rules are enabled for him?
05-22-2012 01:29 AM
"Also, can this govern other policies, so that the user has to accept before other firewall rules are enabled for him?", Can you please elaborate a little more on this. As per understanding, you want this Acceptance page as and when the user will open a browser for surfing the internet.
If that is the case, then you will need to attach the URL Filtering profile to all the security rules that allow internet access.
Hope this helps...!!!
05-23-2012 08:22 AM
I'll try to explain.
When the user connects to the network he should have access to nothing.
After the user accepts other policies might be enabled for him allowing him to vpn etc.
05-30-2012 03:39 AM
I got the problem somewhat resolved.
The only way we could get it to behave properly was with captive portal.
Basically there is a ToS text and a phrase that says you accept these terms by logging on with guest/guest user account.
If only there was a way to revert to regular HTTP instead of using SSL on captive portal...
06-12-2013 10:09 PM
Is there a way to revert to regular HTTP instead of using SSL on captive portal login page?
06-12-2013 10:46 PM
I don't think it is possible.
if you choose none as server certificate the firewall will use the local default certificate to provide an SSL connection.
08-10-2013 10:57 AM
It is complex, but it can be done.
Create local user accounts, point authentication to local. Then we you make the custom page, just hide their form and create your own with the username and password filled in. Hide their login button and replace it with your own. Then setup your onClick to click theirs. Kind of ridiculous, but it can be done.
Hopefully this makes sense. I'm not the best at explaining....
08-10-2013 03:06 PM
Wow what an interesting and creative hack to get a "Terms of service" portal to work with PA! I applaud your ingenuity on this one.
PA should really add this simple feature.
03-16-2017 09:28 PM
3 years later, does Palo have a cleaner way of doing this very common requirement?
05-24-2018 01:23 AM
As most of You (from EU) knows tommrow GDRP will apply
Has anyone solution for PANOS 8.x for CaptivePortal with button to accept the terms and authentication?
Could You ahare it?
06-04-2018 04:15 AM
Noone is using such feature? I'm pretty sure that You have solution 😉 - please share it..
06-04-2018 10:09 AM
Do you want to use captive portal only to show terms of service or do you require your users to log in?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!