04-04-2016 08:57 AM
04-05-2016 08:29 PM
@btrotter it's a PITA
04-05-2016 08:45 PM
From CLI you can execute this command:
show user ip-user-mapping all type CP
and see all successful CP users.
From the GUI in the system logs you can use the follwing syntax:
( description contains 'Captive Portal authentication succeeded' )
OR
( description contains 'Captive Portal authentication failed' )
You can use these to help diagnose why some are working and some aren't.
04-05-2016 08:51 PM - edited 04-05-2016 08:51 PM
@btrotter Also this may or may not be related to your issue.
Specifically my last post:
https://live.paloaltonetworks.com/t5/General-Topics/Dual-NIC-IP-Mapping-Issue/td-p/5936/page/2
regarding the whole Intranet settings and regristry settings that might need to be changed.
04-06-2016 02:03 AM
Hi btrotter,
If you're troubleshooting a communication issue and you're not sure if the traffic is hitting a captive portal policy or not, you can quickly check with a couple of ways.
The best way would be to use the test command:
> test cp-policy-match (criteria)
This will display an output of whether your traffic is going to match a configured policy.
If you are logging your traffic, you can click the spyglass on the left hand side of the log and check the flags section of the detailed log view, if the box is filled in and green then the traffic is hitting the portal. You can also add 'captive portal' to the list of columns viewable in the logs, just click the top of the empty column:
Another method would be to check the live session information, you can do this in the session browser on the GUI or on the CLI you'll see the captive portal flag set to true or false.
I think it would be a nice idea to see captive portal hits or traffic matching a captive portal rule in the ACC, if you want any new features implemented then you will have to contact your PAN SE.
I hope this helps. Thanks,
Ben
04-15-2016 12:55 PM
Sorry for the late reply.
I am unsure if my question is answered as I do not have an active issue to test it against.
I should have given a better example of the problem we are having.
For an example, one of our server admins came to us a few months back and said his backup server stopped receiving updates. We spent a long time troubleshooting it when our network engineer decided to try to add the site the server was trying to access to the no-captive-portal list. Once he did this the server guy confirmed his backups were now able to download its updates from the internet. We were unable to see anything in the traffic logs for this server attempting to access the internet and did not have any indication that it was the captive portal that was blocking it. There did not seem to be somewhere that would create an alert or log when something was hitting the captive portal.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
