This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Problem with Captive portal :

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Problem with Captive portal :

ikkgroup
L0 Member

‎03-04-2014 12:12 AM

Dears,

I'm using PA-500 with 5.0.11 OS.

I would like to get help for the captive portal, HTTPS traffic isn't being interrupted while HTTP is working fine and redirecting traffic for authorization.

Please help me.

Regards,

Umair.

0 Likes Likes
13 REPLIES 13

_slv_
L4 Transporter

‎03-04-2014 02:21 AM

Yes, this is (unfortunetelly) expected behavior of PAN.

I have the same in my CP. I know that other vendors are able to redirect https session to Captive Portal.

Regards

SLawek

0 Likes Likes

VinceM
L5 Sessionator

‎03-04-2014 02:43 AM

Hi all,

PaloALto is able to do that only if in your CP policy you have configure service-http AND service-https.

Hope help.

V.

0 Likes Likes

_slv_
L4 Transporter
In response to VinceM

‎03-04-2014 03:18 AM

Hi Vince

My CP policy of course using service-http AND service-https.

When I try to connect to any site with https://www.mozilla.com my webbrowser (Firefox) display "Connection was reset"

Regards

Slawek

0 Likes Likes

ikkgroup
L0 Member

‎03-04-2014 04:38 AM

Thanks for the responses.

I have configured both HTTP and HTTPS both in service policy.

but unfortunately not getting right result and because of that some users are able to browse via https Smiley Sad

Regards,

Umair.

0 Likes Likes

_slv_
L4 Transporter
In response to ikkgroup

‎03-04-2014 04:45 AM

In my opinion something wrong is in Your security policy configuration if users are able to browse by https.

My looks like:

2014-03-04_134308.png

2014-03-04_134321.png

Vince - why in my config users aren't redirected to CP portal?

Regards

SLawek

0 Likes Likes

hyadavalli
L5 Sessionator

‎03-04-2014 10:33 AM

Hello Everyone,

For captive portal to work with https you need to setup decryption policy.

Regards,

Hari Yadavalli

_slv_
L4 Transporter
In response to hyadavalli

‎03-05-2014 01:00 AM

Please take a look MikroTik RouterOS • View topic - Hotspots and SSL redirection to login

"There is the new HTTP status codes which include 511 "Authentication Required", and although the RFC itself mentions that currently, browsers will show a certificate error on an SSL page, I think browser vendors should be asked to not do that."

Maybe this is a way to go with CP and PAN?

Regards

Slawek

0 Likes Likes

HITSSEC
L4 Transporter

‎03-05-2014 04:58 PM

Umair,

We have a PA-5020 running 5.1.10 and do Captive portal internally and externally. In both cases we redirect http and https.  Please check the following setting:

imageFile.png

Please check the management profile and make sure you have selected https response pages.

The Captive portal settings should look something like this:

Capture-GP-Settings.PNG.png

Phil

0 Likes Likes

_slv_
L4 Transporter

‎03-05-2014 11:53 PM

Hi Hitsec

thats very intersting what You wrote.

Could You share with us your settings of managemanet profile?

My looks like:

2014-03-06_085007.png

and it doesn'r redirect when You try to open https://www.mozilla.com with FF browser.

Regards

Slawek

0 Likes Likes

_slv_
L4 Transporter
In response to _slv_

‎03-06-2014 01:21 AM

Hi Phil

I forgot to ask You about decryption policy - do You use SSL decryption?

Regards

Slawek

0 Likes Likes

HITSSEC
L4 Transporter
In response to _slv_

‎03-06-2014 05:39 PM

Slawek,

I realized that is only http traffic that I am seeing redirected to Captive portal.  Sorry for misleading you and the discussion thread.  That has prompted me to look further into it.

Phil

0 Likes Likes

panos
L6 Presenter

‎03-08-2014 02:50 PM

Agree with hyadavalli

You have to use SSL decryption.Without that page will not be loaded.(For unknown users allow only dns.)

0 Likes Likes

Retired Member
Not applicable
In response to panos

‎03-09-2014 06:27 PM

Just to add to discussion, CP works by sending a 302 redirect when HTTP GET is received. HTTPS encrypts the GET message. Hence no redirect is triggered. This is why you need SSL decryption if you want to CP HTTPS traffic.

-Richard

  • 5492 Views
  • 13 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks