- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-20-2019 08:55 PM
Our domain joined computers are getting prompted to sign into captive portal, however this is a random occurrence as some occasions it wouldn’t and we would be able to connect to the internet. How to stop this issue?
10-31-2019 04:04 PM
We do use User-ID Agent and also tried changing the idle time but no luck.
In the end, we logged case with Support team and issue was resolved after upgrading the PANOS.
We also upgraded Aruba Clearpass.
10-21-2019 01:40 AM
Are you using User-ID agent as your main collection method and CP as backup?
you may need to increase the "user identification timeout" which is set to 45 minutes by default
if most of your users spend most of their day at the same computer, you could set this to about 8-9 hours (length of a kerberos ticket lifetime) so your users only need to log on in the morning to keep being identified throughout the day.
if your users are highly mobile, you could opt to enable probing so the firewall queries the unidentified host for it's 'credentials'
10-21-2019 07:21 PM
@reaper ,
Issue started after Implementation of Radius accounting from Aruba Clearpass to Palo Alto Firewall.
We have created an auth profile referencing the radius and under Device > Management > authentication settings calling upon this profile for authentication. Below is our CP setup. Which timer we need to change here?
10-22-2019 05:57 AM
@FarzanaMustafa so there's no user-id agent?
in that case you'll probably want to look into the idle timer or timer (timer is 10 hours, so probably not the problem), idle time is fairly short
10-31-2019 04:04 PM
We do use User-ID Agent and also tried changing the idle time but no luck.
In the end, we logged case with Support team and issue was resolved after upgrading the PANOS.
We also upgraded Aruba Clearpass.
03-02-2020 09:38 AM
Hi,
Can you tell me what version of PAN OS has this problem and in what version it was fixed? I also have similar issue and wanted to confirm about the effected version.
Regards, Nagarjuna
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!