Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
How to Configure Captive Portal - Knowledge Base - Palo Alto Networks

How to Configure Captive Portal

96125
Created On 07/18/22 22:57 PM - Last Modified 12/02/22 17:58 PM


Objective


To Configure Captive Portal (Authentication Portal ) Using Redirect Mode And Local Authentication

Environment


  • Palo Alto Firewalls.
  • PAN-OS 9.1 and above.
  • Captive Portal (Authentication Portal).


Procedure


Configuring Captive Portal is documented here . This article provides an example using the following Network Diagram.
1.Topology.PNG
  1. Enable user identification on the internal zone.
Go to Network > Zones > Select the zone > Enable User Identification.
2. enable user identification on zone.PNG
  1. Configure an interface management profile with response pages enable and associate it to the internal interface.
Go to Network > Interface > Select the interface > Advanced Tab > Create Management Interface Profile.
image.png
  1. Create the users and user group.
Go to Device > Users >  Add Users/User Group.
image.png
  1. Configure the certificates.
Go to  Device > Certificates > Generate
image.png
  1. Create SSL Profile and attach the certificate.
Go to Device > SSL/TLS Service Profile > Add
image.png
  1. Configure an authentication profile and add the created group.
Go to Device > Authentication Profile > Add
image.png
  1. Enable captive portal (Authentication Portal)
Go to Device > User Identification > Captive Portal
image.png
  1. Create an authentication policy.
Go to Policies > Authentication > Add
​​​​image.png
  1. Configure decryption policies.
Go to Policies > Decryption > Add
image.png
  1.  Create a security policy to allow DNS and Captive portal traffic.
Go to Policies > Security > Add
image.png
  1. Import the certificates into the trusted root CA from the clients.
Go to Device > Certificates > Select the certificate > Export Certificate
Once the certificates were added to the trusted root CA on the clients, open a web browser. Trying to connect to web sites will display the captive portal box.
image.png
 


Additional Information


Configuring Captive Portal in 9.1
Configuring Captive Portal in 10.1 
Configuring Captive Portal in 10.2
Configuring Captive Portal in 11.0


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqbiCAC&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language