When configuring the Captive Portal Comfort Page (Device > Response Pages), the configured response page is not presented to the user when visiting encrypted (SSL) sites.
Cause
The Palo Alto Networks firewall looks for the HTTP GET in order to present the Captive Portal comfort/response page. The firewall cannot see the HTTP GET for the HTTPS traffic unless it is decrypted.
Note: GET is an HTTP protocol that supports several request methods that can be used while sending an HTTP or HTTPS protocol request.
Resolution
Decrypt the HTTPS traffic to see the Captive Portal Comfort Page. Please reference the following document for steps on how to decrypt SSL traffic: How to Implement SSL Decryption.