About JHOOPA

Hi @JHOOPA ,   You are correct, I can't find any documentation either.  I have configured the authentication portal for network access, and not just for IP-User-Mapping.  You would follow this doc -> https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/user-id/map-ip-addresses-to-users/map-ip-addresses-to-usernames-using-captive-portal/configure-captive-portal.   For my case, it was a web app and the redirection occurred within HTTPS.  The server for which I was requiring additional authentication was specified in the destination of the authentication policy.  Once I logged into the portal, the web page behind the firewall came up.  The 1st note in the above URL is extremely important.  If you want to redirect HTTPS, you will need to enable SSL Decryption.   If you want to use the authentication portal for "general user network access" as you say, you would have to have the user manually login to the portal or use "the native captive portal assistant built in to the endpoint operating system (OS)."  https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-quick-configs/captive-portal-and-enforce-globalprotect-for-network-access   The authentication portal is a good option, but requires a lot of steps to configure.  For general user network access, you may also want to consider alternative methods such as User-ID in the security policy, which also requires authentication.  If no method of User-ID is available, GlobalProtect with an internal gateway with no tunnel is an option.   Thanks,   Tom   Edit:  Here is an additional link -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCEzCAO.   ... View more