This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Nonaxium
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Nonaxium
12-13-2020
3Posts
0Likes
0Solutions
Dec 13, 2020Last Visited
User
Activity
User
Profile
Latest posts by Nonaxium
| Subject | Views | Posted |
|---|---|---|
| 2194 | 12-12-2020 09:25 PM | |
| 2470 | 12-12-2020 09:09 PM | |
| 2603 | 12-11-2020 01:51 PM |
User Badges
Community Statistics
| Member Since | 12-11-2020 01:39 PM |
| Date Last Visited | 12-13-2020 12:46 AM |
| Posts | 3 |
12-12-2020
09:54 PM
@Nonaxium,
It might help to actually say what NAC solution you are using. There's some rather large differences between quarantine configuration between NAC solutions, so knowing how your NAC solution is actually attempting to route to the authentication page would be good to know. Some solutions have you use the NAC appliance as the DNS server for the quarantine VLAN, and others are expecting you to forward all traffic to the NAC authentication page through a proxy.
When it comes to routing on the PAN side, that's going to depend on the rest of your network configuration and how you have things setup. In some situations you could just use a simple static route because the quarantine VLAN is terminating on a dedicated PAN interface, and in others you'll have to use a PBF so that you can capture just the addresses that you are looking for. The firewall isn't going to proxy and redirect the URL to your NAC auth page if that's a requirement however.
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks