In captive portal, not asking for authentication for https traffic.


L4 Transporter

Hi All,

Captive portal is working fine for http traffic (asking for authentication), but for https traffic it is not asking for authentication. For example, if a user types facebook.com, it asks for authentication; if they type https://facebook.com, it is allowed without asking for authentication. I have added both http and https services in the captive portal policy.

Installed PAN-OS version is 4.1.7 (as per the release notes, it should support captive portal for https traffic too).

Please help me to fix this issue.

Regards

Guru.

Accepted Solutions

L1 Bithead

Maybe you need to activate SSL decryption in the firewall.

Regards

Marco Herrera.

Hi Marco,

Thank you. That worked. Please, I need some more help:

  1. If I enable decryption for all traffic (Any URL Category), that will slow down the box's performance. Is there any other way to minimize this?
  2. Also, it gives two certificates, one for the decrypt policy and another for captive portal, which will irritate the users.

Regards

Guru

Just decrypt social pages or pages you need to "block" over SSL, so as not to slow down the box's performance (it's just an idea). You can do this with 2 policies in Policies -> Decryption: Options tab -> No Decrypt / Decrypt.

And I don't know about point 2, sorry...

Regards

Marco.

Decryption is done by dedicated CPUs; you shouldn't expect slowdowns (we don't over here).

If you do the job correctly, decryption shouldn't create SSL certificate warnings (the Root CA must be trusted on your company computers). There are many guides about that on this portal.

The limit is rather how many concurrent ssl terminations the box you have can do. If you have plenty of SSL traffic to decrypt you might need to step up one or two models (in terms of number of concurrent ssl sessions).

L4 Transporter

Thank you All,

Regards

Guru.
