About mcw015

Thanks for the info.  We weren't sure if the HA pair would operate on different versions of code.  Our aruba stuff doesn't like to play nice when we upgrade the passive and fail it over while we try to upgrade the primary.  ... View more

CAVEAT:  Below I use the phrase "Captive Portal" because that is the function we are using this policy for.  In actuality, we are using a URL Filtering policy to match any URL *  ,  *.*  ,  *.*.*  ,  *.*.*.* and loading a Continue and Override Page.  We are NOT using Palo Alto's Captive Portal feature. The before.jpg image shows how the rule was configured when we were seeing broken image links on our custom page.  When we looked at the URL for the broken images, we noticed that each image was being filtered through the Guest_Captive_Portal rule instead of the Guest_Captive_Portal_JPEGs rule.  So, with our Guest_Captive_Portal_JPEGs rule configured with Source Zone = any and Source Address = Guest WiFi network range, the images weren't loading properly. The after.jpg image shows how the Guest_Captive_Portal_JPEGs rule is currently configured and working properly.  When we set the Source Zone = Guest-Trust and Source Address = any, the images load without issue.  Again, we aren't sure why this change made a difference.  If someone can explain to us why that is, we'd greatly appreciate it.  Either way, it is working as desired with the changes identified above. ... View more

I originally had the permit portion of the rule set to our guest wifi network address range.  This resulted in broken image links.  When we viewed the source of the broken images, each image was being "captive portaled".  We changed the permit rule to our Guest ZONE and poof, everything worked beautifully.  So the lesson learned, though we aren't entirely sure why, is that for this solution you must permit a zone not an address range.  Thanks for your help!  We greatly appreciate it. ... View more

That was my mistake... in the above reply I said "href" but I actually meant "img src".  Here's the full story on what we are trying to do.  I'm at a University and we want to use the PA as our Captive Portal for our guest wireless network.  We cannot use the Captive Portal of the PA because we are not going to be creating hundreds of guest accounts on daily basis, that would be a management nightmare for us.  So to get around this, we are using a URL filtering profile that throws up a custom page with our AUP and an "I Agree" button.  The images load when I view the page from the Trusted Zone, but they don't load when viewed from Untrusted Zone.  I made a rule to allow any-any-web browsing to the server hosting the images and placed that above the rule that dumps guests into our "captive portal" rule but that did nothing to alleviate the broken images.  I've attached the html. ... View more

No, I am not using the factory default page.  I loaded a custom web page that is supposed to display when a user attempts to visit URL x.x.x.x.  The text of my custom page loads fine but the images that are part of the page display as broken.  When I go straight to the URL of the images the display just fine, but for whatever reason, the href in the custom web page is not being allowed to display those images.  Do I need to add a rule to the firewall to allow web-browsing to allow the palo alto to pull the images?  Or should the page simply grab the images as is? ... View more