We find that an increasingly number of students never get the captive portal auth dialog popping up once we switch on CP (when we are having a test or exam) for their subnet. The dialog pops up as expected for most of the students, but there are always a significant bunch that somehow never get the chance to authenticate, hence the FW classifies them as 'uknown users' and let them pass by our restrictive traffic rules. All computers are non-domain and from we started using PA-500 8 years ago this setup worked without any problem. Now we are using a VM-100 (currently on the latest v8). It seems that the number of non-authenticated clients augments little by little, but the problem don't seem to affect the same users each time we switch on CP. The user computers may have been in hibernation from before CP was switched on and / or they may have any browser open at the moment we switch on CP. However I thought that any http or https request issued after CP had been switched on would trigger the CP auth dialog to pop up, but apparently this is not the case. I have also tried issuing a 'clear session all filter from <class-zone>' but that does not help either. I am at a loss where to start tracking down this. Please pop in with tips or info on what mechanisms are triggered both on the fw and on the client computers when CP is switched on and where / what to test for in this case... It seems to me that something like this would be nice: while unknown/unauthenticated users exist when CP is active then kick up the CP auth dialog for each of them 🙂 Thanks in advance for help on this 🙂
... View more