04-14-2016 05:51 AM
Why does below document advise we need a L3 interface for captive portal? We are running solely vwire and I still get on form when testing. I do have repsonse pages setup as well
04-14-2016 11:42 AM
Hi...Captive Portal (CP) is typically implemented by redirecting the users to the CP page which is tied to an L3 interface. The L3 interface will allow us to assign an SSL certificate to that interface IP because CP is encrypted in SSL to secure the user's credentials. Make sure the L3 interface has a mgmt profile that allows response page & userID.
04-15-2016 07:29 AM
Just to close loop in case anyone else runs into Issue. What can be done to rule out that a issue isnt related to Blue Coat Proxy (or any other proxy for that matter) Would be to view traffic logs and sort by destination country which will show you if you are hitting external website directy. In the event you never see external IP adress then you are hitting a proxy. Equally modifying the URL filter and check x-forwarded-for will not change behavior either as the proxy may not have it enabled or blocking untrusted certs. So to my knowledge no way to bypass inline Blue Coat with Palo Alto ----Unless someone has tried. This my reason for not getting CP page. I confirmed with TAC as well
04-14-2016 06:35 AM - edited 04-14-2016 06:37 AM
Hi,
You are likely using Tranparent mode.
The document indicates it is using Redirect mode.
Cheers,
-Kim.
04-14-2016 08:08 AM
04-14-2016 10:55 AM
Just FYI changing mode did not work eiter I will spend some more time playing with it
04-14-2016 11:42 AM
Hi...Captive Portal (CP) is typically implemented by redirecting the users to the CP page which is tied to an L3 interface. The L3 interface will allow us to assign an SSL certificate to that interface IP because CP is encrypted in SSL to secure the user's credentials. Make sure the L3 interface has a mgmt profile that allows response page & userID.
04-15-2016 07:29 AM
Just to close loop in case anyone else runs into Issue. What can be done to rule out that a issue isnt related to Blue Coat Proxy (or any other proxy for that matter) Would be to view traffic logs and sort by destination country which will show you if you are hitting external website directy. In the event you never see external IP adress then you are hitting a proxy. Equally modifying the URL filter and check x-forwarded-for will not change behavior either as the proxy may not have it enabled or blocking untrusted certs. So to my knowledge no way to bypass inline Blue Coat with Palo Alto ----Unless someone has tried. This my reason for not getting CP page. I confirmed with TAC as well
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
