Captive Portal does not work when Auth Sequence is used in Auth Enforcement object

Captive Portal does not work when Auth Sequence is used in Auth Enforcement object

27892
Created On 09/25/18 17:19 PM - Last Modified 01/25/26 07:29 AM


Symptom


Symptoms

Captive portal will not work if an Authentication Sequence is referenced as the Authentication Profile in an Authentication Enforcement object, as shown below: 

 

auth-enforcement-object.PNG

Diagnosis

Authentication Enforcement objects do not support Authentication Sequence. Only Authentication Profiles with additional factors can be used. If an auth-sequence is added to the Auth Enforcement object it is treated as no-captive-portal behaviour.

Environment


  • PanOS on Strata (Any version)
  • Prisma Access (Any version)

Cause


  • Captive portal function (Now called Authentication portal) configuration in Prisma Access does not support authentication sequence.
  • This is applicable to both Prisma Access managed by Panorama or Strata Cloud Manager.

 

Resolution


Authentication sequence CAN be used if a default web-form Authentication Enforcement object is used in an Authentication policy and if the Authentication sequence is referenced in Captive Portal Settings under Device -> User Identification, as seen below:

 

captive-portal-settings.PNG
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF6CAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language