03-04-2014 12:12 AM
I'm using PA-500 with 5.0.11 OS.
I would like to get help for the captive portal, HTTPS traffic isn't being interrupted while HTTP is working fine and redirecting traffic for authorization.
Please help me.
03-04-2014 03:18 AM
My CP policy of course using service-http AND service-https.
When I try to connect to any site with https://www.mozilla.com my webbrowser (Firefox) display "Connection was reset"
03-04-2014 04:38 AM
Thanks for the responses.
I have configured both HTTP and HTTPS both in service policy.
but unfortunately not getting right result and because of that some users are able to browse via https
03-04-2014 04:45 AM
In my opinion something wrong is in Your security policy configuration if users are able to browse by https.
My looks like:
Vince - why in my config users aren't redirected to CP portal?
03-04-2014 10:33 AM
For captive portal to work with https you need to setup decryption policy.
03-05-2014 01:00 AM
Please take a look MikroTik RouterOS • View topic - Hotspots and SSL redirection to login
"There is the new HTTP status codes which include 511 "Authentication Required", and although the RFC itself mentions that currently, browsers will show a certificate error on an SSL page, I think browser vendors should be asked to not do that."
Maybe this is a way to go with CP and PAN?
03-05-2014 04:58 PM
We have a PA-5020 running 5.1.10 and do Captive portal internally and externally. In both cases we redirect http and https. Please check the following setting:
Please check the management profile and make sure you have selected https response pages.
The Captive portal settings should look something like this:
03-05-2014 11:53 PM
thats very intersting what You wrote.
Could You share with us your settings of managemanet profile?
My looks like:
and it doesn'r redirect when You try to open https://www.mozilla.com with FF browser.
03-06-2014 01:21 AM
I forgot to ask You about decryption policy - do You use SSL decryption?
03-06-2014 05:39 PM
I realized that is only http traffic that I am seeing redirected to Captive portal. Sorry for misleading you and the discussion thread. That has prompted me to look further into it.
03-08-2014 02:50 PM
Agree with hyadavalli
You have to use SSL decryption.Without that page will not be loaded.(For unknown users allow only dns.)
03-09-2014 06:27 PM
Just to add to discussion, CP works by sending a 302 redirect when HTTP GET is received. HTTPS encrypts the GET message. Hence no redirect is triggered. This is why you need SSL decryption if you want to CP HTTPS traffic.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!