passthrough page without authentication


L0 Member

Hi all, I have a 2050 pair and I'm trying to find a way to present my users with a page with 'terms of use' that they would accept and continue on to a list of websites that I can control. I don't want to authenticate the users, just give them a splash page and let them go through, is this possible? Thanks in advance.


L6 Presenter

Are you referring to Captive Portal for 'Unknown' users? If that's the case, I don't believe it's feasible and this would fall under the category of a feature request. If you're referring to users that are already authenticated in the network (probably not what you're referring to but...) you have the option to modify the URL continue response page to your heart's content.

-Renato

Yes, I was referring to 'unknown' users. I will see what I need to do to put in a feature request. Thanks for your reply.

Is the process for feature request still to submit to SE?

Yes, the FRs go through your Local Sales SE or Reseller.

Regards,

Renato

So, in the meantime and as a workaround I should be able to use URL filtering to block all domains that are not mine, and then when the user tries to go somewhere else the URL block page gives an explanation of the terms of use. Do you think this would work? Or can you think of other things I can do to get to the same result?

After giving it some more thought, you can create a security policy rule and select 'unknown' users and associate your url profile that has your modified response page that allows them only to your whitelisted urls. Disregard the feature request as this should work. No authentication as you're allowing 'unknown' users but to selected whitelisted urls while you block all other categories.

Regards,

Renato    

Alright, well.. this works but not completely. I've run into an issue with Macs and iPhones. See my rules here:

rule1: allow trust / ip:10.44.0.0/20 / user:unknown to:any application:dhcp/dns service:application-default action:allow profile:none

rule2: allow trust / ip:10.44.0.0/20 / user:unknown to:any application:any service:any action:allow profile:filter1

filter1: block all URLs + whitelist: *.chemeketa.edu

Everything works fine on Windows and on my very old Android phone, the user is redirected to the url-blocking page. Perfect!

Tried with a Mac and iPhone: because I'm blocking www.apple.com the software thinks that my url-blocking page on the PAN is actually a Login page (like an authentication page that you get when you're doing actual user authentication). So the Login window pops up, and if the user cancels out of that window he/she gets disconnected from the network. If the user disregards that Login page and opens up a browser they are redirected to my url-blocking page and everything looks normal. But this situation is confusing for the users that are presented with the Login page and won't know what to do or will cancel it.

We tried including www.apple.com in our whitelist. Now because the Mac client CAN go to www.apple.com no Login window pops up, however, www.apple.com doesn't render correctly and the users who have www.apple.com as their homepage are going to be all confused and are likely going to think their 'internet is broken'. :(

All I can think I can do now is just tell my users "If you get a Login page on your device, disregard it and just open a browser". Can you think of any other trick I can try to make this work as closely as possible to a passthrough page?

Thanks!

R

Hi,

What do you mean when you say "because I'm blocking www.apple.com the software thinks that my url-blocking page on the PAN is actually a Login page (like an authentication page that you get when you're doing actual user authentication)." I'll have to test with an iPhone and perhaps an iPad but would like to know more as to what you're referring to above.

Thanks,

Renato    

Hi,

If you don't want the apple homepage to be broken you could use *.apple.com instead. There are many images and files hosted in other domains such as image.apple.com. You need a wildcard.

Regards,

Jones
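The difference between the two whitelist entries discussed above, as an added example that is not part of the original thread and not Palo Alto Networks code: a simplified host matcher (an assumption, not the firewall's actual matching logic) run over a constructed list of requested hosts. It also shows that a wildcard entry should only match on a label boundary, so lookalike hosts stay blocked.

```python
# Simplified model of URL-filter allowlist matching on hostnames.
# Assumption: this is an illustration, not the firewall's real matcher.

def host_matches(pattern: str, host: str) -> bool:
    """Exact match, or a '*.' prefix that stands for one or more leading labels."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".apple.com", leading dot kept on purpose
        # The leading dot enforces a label boundary, so "notapple.com"
        # does not match "*.apple.com"; the bare domain does not match either.
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def blocked_hosts(allowlist, requested):
    """Return the requested hosts that no allowlist entry covers, in order."""
    return [h for h in requested
            if not any(host_matches(p, h) for p in allowlist)]


# Constructed sample of hosts a client contacts while loading a page.
REQUESTED = [
    "www.apple.com",
    "image.apple.com",        # subresource host named in the thread
    "store.apple.com",        # constructed
    "www.chemeketa.edu",
    "notapple.com",           # constructed lookalike, must stay blocked
    "apple.com.example.net",  # constructed lookalike, must stay blocked
]

EXACT_ENTRY = ["*.chemeketa.edu", "www.apple.com"]   # first attempt in the thread
WILDCARD_ENTRY = ["*.chemeketa.edu", "*.apple.com"]  # suggested fix

if __name__ == "__main__":
    print("blocked with www.apple.com:", blocked_hosts(EXACT_ENTRY, REQUESTED))
    print("blocked with *.apple.com:  ", blocked_hosts(WILDCARD_ENTRY, REQUESTED))
```
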

That works, thanks.
