Captive Portal with Vwire.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Captive Portal with Vwire.

L4 Transporter

Why does below document advise we need a L3 interface  for captive portal? We are running solely vwire and I still get on form when testing. I do have repsonse pages setup as well

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/Configuring-Captive-Portal-in-V-Wire-wit...

2 accepted solutions

Accepted Solutions

Hi...Captive Portal (CP) is typically implemented by redirecting the users to the CP page which is tied to an L3 interface.  The L3 interface will allow us to assign an SSL certificate to that interface IP because CP is encrypted in SSL to secure the user's credentials.   Make sure the L3 interface has a mgmt profile that allows response page & userID.

View solution in original post

L4 Transporter

Just to close loop in case anyone else runs into Issue. What can be done to rule out that a issue isnt related to Blue Coat Proxy (or any other proxy for that matter) Would be to view traffic logs and sort by destination country which will show you if you are hitting external website directy. In the event you never see external IP adress then you are  hitting a proxy. Equally modifying the URL filter and check x-forwarded-for will not change behavior either as the proxy may not have it enabled or blocking untrusted certs. So to my knowledge no way to bypass inline Blue Coat with Palo Alto ----Unless someone has tried.  This my reason for not getting CP page. I confirmed with TAC as well

View solution in original post

5 REPLIES 5

Community Team Member

Hi,

 

You are likely using Tranparent mode.

The document indicates it is using Redirect mode.

 

Cheers,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Thanks Kim I will change mode and retry

Just FYI changing mode did not work eiter I will spend some more time playing with it

Hi...Captive Portal (CP) is typically implemented by redirecting the users to the CP page which is tied to an L3 interface.  The L3 interface will allow us to assign an SSL certificate to that interface IP because CP is encrypted in SSL to secure the user's credentials.   Make sure the L3 interface has a mgmt profile that allows response page & userID.

L4 Transporter

Just to close loop in case anyone else runs into Issue. What can be done to rule out that a issue isnt related to Blue Coat Proxy (or any other proxy for that matter) Would be to view traffic logs and sort by destination country which will show you if you are hitting external website directy. In the event you never see external IP adress then you are  hitting a proxy. Equally modifying the URL filter and check x-forwarded-for will not change behavior either as the proxy may not have it enabled or blocking untrusted certs. So to my knowledge no way to bypass inline Blue Coat with Palo Alto ----Unless someone has tried.  This my reason for not getting CP page. I confirmed with TAC as well

  • 2 accepted solutions
  • 2787 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!