Our domain joined computers are getting prompted to sign into captive portal, however this is a random occurrence as some occasions it wouldn’t and we would be able to connect to the internet. How to stop this issue?
Solved! Go to Solution.
Are you using User-ID agent as your main collection method and CP as backup?
you may need to increase the "user identification timeout" which is set to 45 minutes by default
if most of your users spend most of their day at the same computer, you could set this to about 8-9 hours (length of a kerberos ticket lifetime) so your users only need to log on in the morning to keep being identified throughout the day.
if your users are highly mobile, you could opt to enable probing so the firewall queries the unidentified host for it's 'credentials'
Issue started after Implementation of Radius accounting from Aruba Clearpass to Palo Alto Firewall.
We have created an auth profile referencing the radius and under Device > Management > authentication settings calling upon this profile for authentication. Below is our CP setup. Which timer we need to change here?
@FarzanaMustafa so there's no user-id agent?
in that case you'll probably want to look into the idle timer or timer (timer is 10 hours, so probably not the problem), idle time is fairly short
Can you tell me what version of PAN OS has this problem and in what version it was fixed? I also have similar issue and wanted to confirm about the effected version.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!