ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
ok, I see the picture, once you send the syslog trace then the PaloAlto firewall allows the user to access the Internet. Regarding why using our solution instead of the integrated portal: the picture I depicted it's a simplified one. Our client wants a "complicated" authorization mechanism which involves sending an email to someone that must allow another one with an SMS. Thanks a lot for your help.
... View more
Hi! First of all sorry if this question is explained anywhere else; I've dedicated a few hours to browse docs and posts but I cannot find a proper answer. I work for a company that deploys hotspot solutions over premises using different hardware solutions. It turns out to be that we need to integrate Paloalto appliance in our solution. Our approach is basically this: Firewall intercepts traffic for non authenticatrd users User is redirected via a 302 http redirect to our portal (it can be placed on the wan zone so it can be reached by the Paloalto firewall) Web form is presented so the user validates himself. If credentials are valid (they are internally located on a Radius server) then control must be returned to Paloalto firewall Paloalto firewall should try to authenticate now the user with the credentials provided before in point (3) via Radius Radius replies with an Access-Accept so a Session-Start should be send from Paloalto to the Radius server (accounting starts) So here there are my questions: Is this approach feasible? I understand that points (1) and (2) are easily configurable as a Redirect Captive Portal with web form authentication.... How must our captive portal inform to Paloalto that credentials are valid so Paloalto starts with Radius authentication? Some manufacturers implement a special login URL, other ones use a propietary protocol, but I cannot find detailed information about the whole workflow. Thanks a lot in advanced for your help. Kind Regards Fernando E.
... View more