Capture Portal 403 error

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Capture Portal 403 error

L1 Bithead

Hey Live Community,

I'm working on a project to have two zones on a vwire (one trust, and one lab).  In order to get to the lab zone from the trust zone, I've created rules to only allow authenticated users to go through, and I've created my capture portal in accordance to their vwire documentation:

Configuring Captive Portal in V-Wire (with RADIUS Authenticatio... - Knowledge Base - Palo Alto Netw...

However, I'm getting a 403 error when trying to manually access the capture portal.  I've been looking around trying to troubleshoot this, but I've come up dry.  I have a ticket open with PA, but I thought I'd ask here in the mean time.  

 

Thanks!

4 REPLIES 4

L7 Applicator

And you made sure that you performed: 

Configure and Adjust the Security Rules Based on the Particular Scenario

  • Go to the "Policies tab > Security" rule base
  • Make sure that captive portal traffic is allowed by security policies; we need to ensure that the users being redirected can reach the L3 interface serving the portal page; http redirection is used with port 80, while https redirection is using ports 6080/6081/6082/6083.
  • Make certain the DNS traffic is allowed for the users (in order for redirection to work, user must first try to access external web site)
  • Often, there is no need to create any additional security policies if the intra-zone traffic is enabled. Users from the trust zone will be able to reach the captive portal in the trust zone

Also, were you able to manually test the Captive Portal in step 2?

 

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

L1 Bithead

The hosts trying to reach it are in the same zone, and I can ping the L3 interface that has the IP for the capture portal.

DNS resolution for the clients is also working.

 

Manually going to the Capture Portal results in the 403 error displaying on the website for the capture portal itself.

I re-ran through my configuration with PA support and they're finding my configuration to be sound.  I'm still just getting a 403 error for some reason, I can't find any documentation on what would case a 403 error.

Having this same issue right now with Kerberos SSO on a captive portal. Did you ever get this resolved? If so, what was the fix?

  • 3566 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!