This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

In captive portal, not asking for authentication for https traffic.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

In captive portal, not asking for authentication for https traffic.

Go to solution
Gururaj
L4 Transporter

‎08-08-2012 05:40 AM

Hi All,

Captive portal is working fine for http traffic( asking for authentication ), But for https traffic it is not asking for the authentication. For example if user types facebook.com, asking authentication if types https://facebook.com then it is allowing without asking for authentication. I have added both http and https services in captive portal policy.

Installed PAN OS version is 4.1.7 (As per release notes it should support captive portal for https traffic too)

Please help me to fix this issue.

Regards

Guru.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
arkadios
L1 Bithead

‎08-08-2012 09:35 AM

Maybe you need to activate a SSL decryption in the firewall.

Regards

Marco Herrera.

View solution in original post

0 Likes Likes
6 REPLIES 6

Go to solution
arkadios
L1 Bithead

‎08-08-2012 09:35 AM

Maybe you need to activate a SSL decryption in the firewall.

Regards

Marco Herrera.

0 Likes Likes

Go to solution
Gururaj
L4 Transporter
In response to arkadios

‎08-08-2012 09:52 PM

Hi Marco,

Thank You,..That worked, Please I need Some more help,

  1. If i enable decryption for all traffic ( Any URL Category ) that will slow down's the box performance. Is there any other way to minimize this ?
  2. And also it gives two certificates, one for decrypt policy and another for captive portal which will irritate the users.

Regards

Guru

0 Likes Likes

Go to solution
arkadios
L1 Bithead
In response to Gururaj

‎08-09-2012 09:07 AM

Just decrypt a Social pages or pages you need to "block" over SSL... to not slow down a box performance... (is just an idea), you can do this with 2 policies in Policies -> decryption: Options Tab -> No Decrypt / Decrypt

And i don't know about point 2 Smiley Sad sorry...

Regards

Marco.

0 Likes Likes

Go to solution
essnet
L4 Transporter
In response to Gururaj

‎08-14-2012 05:49 AM

Decryption is done by dedicated CPUs , you shouldn't expect slowdowns (we don't over here)

If you do the job correctly, decryption shoudldn't create SSL certificate warning ( Root CA must be trusted on your company computers). there are many guides about that on this portal.

Go to solution
mikand
L6 Presenter
In response to essnet

‎08-20-2012 03:46 PM

The limit is rather how many concurrent ssl terminations the box you have can do. If you have plenty of SSL traffic to decrypt you might need to step up one or two models (in terms of number of concurrent ssl sessions).

Go to solution
Gururaj
L4 Transporter

‎08-20-2012 09:32 PM

Thank you All,

Regards

Guru.

0 Likes Likes
  • 1 accepted solution
  • 3628 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks