12-24-2012 01:26 PM
I have a client that currently uses an ISA server to restrict access to back-end web servers. The users authenticate at the ISA which then redirects to the back end web server.
Palo Alto firewalls were sold as replacing this authentication mechanism using Captive Portal. Is this a possible use? I've only seen examples of Captive Portal for outbound traffic or to authenticate users for a wireless network. This would be inbound traffic from the Internet going to specific servers internally.
If this is possible, what would be the recommended setup? Static NAT is configured for these servers and I'd want to use the User-ID agent for authentication.
The client is also moving to using the Global Protect agent for SSL VPN. The request is for Captive Portal to be used to protect access to certain web resources but if they want full access to internal resources they would use GP.
Thanks for any help!
