Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Captive Portal Turned on but redirect Pages don't respond

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Captive Portal Turned on but redirect Pages don't respond

L1 Bithead

I turned on Captive Portal a couple days ago on a test rule restricting access between two servers before i turn it on for production.

 

The rule restricts access to the end server as expected and navigating to http for the target server results in the following URL Redirect: https://172.20.20.9:6082/php/uid.php?vsys=1&rule=0&url=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 

The Webform is configured for one of the IP's used by the Firewall, but the Port 6082 required for Captive Portal SSL appears to not be listening.

 

I followed and have checked multiple times the steps in the following guides:

  1. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/user-id/map-ip-addresses-to-users/map-ip-a...
  2. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/authentication-policy/confi...
  3. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZiCAK

Is there anything else i can check that may shed some light on why this isn't working?

3 REPLIES 3

Cyber Elite
Cyber Elite

@MP2021,

Do you decrypt HTTPS traffic that should be matching your captive portal rule for your test?

If not, the firewall denies the traffic but doesn't actually serve up the captive portal. This is to prevent you servicing something that is simply going to cause a certificate warning in the users browser. You don't want to be telling people that running into cert warnings is "normal" and that they should "bypass" it because then they'll do it for everything and those warnings become meaningless, which is a poor thing to teach your user base. 

 

 

 

L1 Bithead

@BPry 

Thank you, It looks like we don't currently decrypt HTTPS Traffic, i will take a look into turning it on and see if it resolves the issue experienced.

L0 Member

I am experiencing a similar issue. While I agree i do not want to make forward untrust behavior normal, I do need a clear mechanism to test the functionality before moving into production.  This also occurs when the self signed CA cert of the device is in the endpoint trust store. 

  • 4382 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!