How to Configure Captive Portal

How to Configure Captive Portal

Created On 09/25/18 17:27 PM - Last Updated 09/11/19 02:39 AM
Device Management Initial Configuration Installation QoS Zone and DoS Protection
  • PAN-OS 7.0 and below.
  • Captive Portal configuration.



The attached document gives step-by-step instructions for configuring captive portal in PAN-OS 7.0 and below. For the newer PAN-OS versions, Refer documentation Captive Portal Auth , Captive Portal Modes and  Configure Captive Portal.

Four scenarios are covered:

  1. Web form login page- Transparent mode
  2. Web form login page - Redirect mode
  3. Client certificate
  4. NTLM authentication


  1. Starting with PAN-OS 5.0, the action previously named "captive-portal" is now "web-form." Only the name has changed. The web-form page prompts the unknown user for credentials.
  2. The action previously named "ntlm-auth" is now "browser-challenge.".Only the name has changed. The browser-challenge action authenticates users behind the scenes through the NTLM support in the browser (for example, IE and Firefox).

Note: The 'no-captive-portal' action remains unchanged. When the initial traffic is https, Captive Portal will not be presented because of encryption. For HTTPS traffic to have Captive Portal launched, enable decryption.
For more details reference the following link How to Implement and Test SSL Decryption



  • Print
  • Copy Link

Choose Language