Many users receiving Captive Portal

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Many users receiving Captive Portal

L3 Networker


We have been facing a lot of users identified by Captive Portal and not via UIA.

Does anyone could suggest any troubleshooting/best practices to avoid this kind of behavior ?


Thanks in advance!!


L7 Applicator

Your UIA mappings are most likely timing out at the default of 45 minutes, and you're most likely relying on WMI Probes, which are failing, because your hosts are not correctly configured to respond to the WMI Probes.

Once the Probes fail, the user-ip mappings are deleted.

Once they are deleted, Captive Portal will trigger.

If the Captive Portal is set to its default Expiration of 60 minutes, then users will have to validate to CP every hour.

By default, User-ID Cache timeout is set to 45 minutes.

If users would be on site for a maximum of 12 hours, you can set the timeout to 720 minutes, and disable Probing.

Note I'm making a lot of assumptions based on similar cases I've worked. Your settings may differ, in that case, I recommend you open a Support ticket and we can take a closer look.

I also recommend checking out these documents:

Best Practices for Securing User-ID Deployments

User-ID Best Practices - PAN-OS 5.0, 6.0

L4 Transporter

Hi essilorbr,

I also suggest that you look at GlobalProtect to transparently identify your users, please remember this is not only a VPN client but also an Authentication client when used in Internal mode.

Your colleagues from Essilor EMEA may help you setting up this configuration.

Hello, thx for you help... you meant change this parameter below at Agent ?

- disable WMI

- change user identification timeout from 30 to 720 ?


Yes, that is correct.

Enable WMI Probing: No

User Identification Timeout (min.): 720

Very nice!!

will try these options...

  • 5 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!