- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-14-2011 01:32 PM
Hi all, I have a 2050 pair and I'm trying to find a way to prensent my users with a page with 'terms of use' that they would accept and continue on to a list of websites that I can control. I don't want to authenticate the users, just give them a splash page and let them go through, is this possible? Thanks in advance.
10-14-2011 02:21 PM
After giving it some more thought, you can create a security policy rule and select 'unknown' users and associate your url profile that has your modified response page that allows them only to your whitelisted urls. Disregard the feature request as this should work. No authentication as you're allowing 'unknown' users but to selected whitelisted urls while you block all other categories.
Regards,
Renato
10-14-2011 01:50 PM
Are you referring to Captive Portal for 'Unknown' users? If that's the case, I don't believe it's feasible and this would fall under the category of a feature request. If' you're referring to users that are already authenticated in the network(probably not what you're referring to but...) you have the option to modify the url continue response page to your heart's content.
-Renato
10-14-2011 01:53 PM
Yes, I was referring to 'unknown' users. I will see what I need to do to put in a feature request. Thanks for your reply.
10-14-2011 01:55 PM
is the process for feature request still to submit to SE?
10-14-2011 01:57 PM
Yes, the FRs go through your Local Sales SE or Reseller.
Regards,
Renato
10-14-2011 02:06 PM
So, in the meantime and as a workaround I should be able to use URL filtering to block all domains that are not mine, and then when the user tries to go somewhere else the URL block page gives an explanation of the terms of use. Do you think this would work? or can you think of other things I can do to get to the same result?
10-14-2011 02:21 PM
After giving it some more thought, you can create a security policy rule and select 'unknown' users and associate your url profile that has your modified response page that allows them only to your whitelisted urls. Disregard the feature request as this should work. No authentication as you're allowing 'unknown' users but to selected whitelisted urls while you block all other categories.
Regards,
Renato
10-21-2011 05:35 PM
Alright, well.. this works but not completely. I've run into an issue with macs and iphones. See my rules here:
rule1: allow trust / ip:10.44.0.0/20 / user:unknown to:any application:dhcp/dns service:application-default action:allow profile:none
rule2: allow trust / ip:10.44.0.0/20 / user:unknown to:any application:any service:any action:allow profile:filter1
filter1: block all URLs + whitelist: *.chemeketa.edu
Everything works fine on Windows and on my very old Android phone, the user is redirected to the url-blocking page. Perfect!
Tried with a Mac and iphone: because I'm blocking www.apple.com the software thinks that my url-blocking page on the PAN is actually a Login page (like an authentication page that you get when you're doing actual user authentication). So the Login window pops up, if the user cancels out of that window he/she gets disconnected from the network. If the user disregards that Login page and opens up a browser they are redirected to my url-blocking page and everything looks normal. But this situation is confusing for the users that are presented with the Login page and won't know what to do or will cancel it.
We tried including www.apple.com in our whitelist. Now because the Mac client CAN go to www.apple.com no Login window pops up, however, www.apple.com doesn't render correctly and the users who have www.apple.com as their homepage are going to be all confused and are likely going to think their 'internet is broken'.
All I can think I can do now is just tell my users "If you get a Login page on your device, disregard it and just open a browser". Can you think of any other trick I can try to make this works as closely as possible to a passthrough page?
Thanks!
R
10-21-2011 09:22 PM
Hi,
What do you mean when you say "because I'm blocking www.apple.com the software thinks that my url-blocking page on the PAN is actually a Login page (like an authentication page that you get when you're doing actual user authentication)." I'll have to test with an iPhone and perhaps an iPad but would like to know more as to what you're referring to above.
Thanks,
Renato
10-23-2011 12:13 AM
Hi,
If you don't want the apple homepage to be broken you could use *.apple.com instead. There are many imagesand files hosted in other domains such as image.apple.com. You need wildcard.
Regards,
Jones
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!