02-22-2016 04:33 PM
Hi
PA200 PANOS-7.03
Working Production Config:
I have captive portal working with local users. User are in 4 groups (1 to 4) . There are 4 url profiles(1 to 4) associated with 4 local user groups. When user tries to go to any site via browser he get prompted for username/pass. Once authenticated user can browse as per 4 secrutiy policies for brwosing with url profile implemented.
user mapping shows user name and there ip.
show user ip-user-mapping all
IP Vsys From User IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- -------------------------------- -------------- -------------
172.29.15.92 vsys1 CP abc1 28332 28332
172.29.5.24 vsys1 CP abc2 33428 33428
172.29.15.59 vsys1 CP abc3 31339 31339
172.29.5.39 vsys1 CP abc4 31447 31447
Change Required:
Configure Microsoft Remote Desktop Service(RDS) server so all the user connect to this RDS server and this server goes out on internet to get data.
But now there is only 1 IP which is server IP going out. So how would captive portal,url filtering will behave/work.
02-23-2016 01:15 AM
You need to download Terminal Server Agent from support portal and install it on terminal server.
In this case every user will get dedicated source port range and by that firewall can identify who is user who initiated traffic out from the server.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
