Monday, March 28, 2016

Palo-Alto Subinterface Config and Captive Portal

Palo-Alto Subinterface Config

First, set the interface type to Layer3 and don't assign an IP address to the physical interface; the IP address is assigned to the subinterface.



Captive Portal
A Captive Portal policy rule requires user authentication: unknown users sending HTTP or HTTPS traffic are authenticated by being prompted for a username and password.
The Captive Portal (both web form and NTLM authentication) requires an L3 IP-addressed interface on the Palo Alto Networks firewall.

Web form login page, transparent mode: The firewall temporarily presents the login page; the user will get a browser security warning.
Web form login page, redirect mode: The user is redirected to an L3 interface on the firewall that presents the login page; the user will not get a browser security warning.
Client Certificate: A certificate is used to authenticate the client; the user is not prompted to type in a username/password.
NTLM authentication: Windows users running IE or Firefox can authenticate via NTLM, without any user intervention. If the user's browser does not support NTLM, the device presents the web form login page. The user is not prompted to log in.


Required:
LDAP Profile: Device tab -> Server Profiles
Authentication Profile: Device tab -> Authentication Profile
Certificates: Device tab -> Certificates screen -> Generate a new certificate





Enable User Identification on the Zone

Captive Portal Settings

Under Policies, for the Captive Portal rule, select the zones and services, and set the action to web-form.

Also, Response Pages should be checked in the interface management profile.
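The prerequisites above can be checked against an exported configuration before Captive Portal is turned on. The following is an added example, not part of the original post: the XML element names are assumptions modelled on the PAN-OS configuration layout, and the sample config, interface, profile and zone names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a PAN-OS XML config export (element names assumed).
SAMPLE = """
<config><devices><entry name="localhost.localdomain">
 <network>
  <interface><ethernet><entry name="ethernet1/2"><layer3>
    <units><entry name="ethernet1/2.10">
      <tag>10</tag>
      <ip><entry name="192.0.2.1/24"/></ip>
      <interface-management-profile>cp-pages</interface-management-profile>
    </entry></units>
  </layer3></entry></ethernet></interface>
  <profiles><interface-management-profile>
    <entry name="cp-pages"><response-pages>no</response-pages></entry>
  </interface-management-profile></profiles>
 </network>
 <vsys><entry name="vsys1"><zone><entry name="trust">
   <network><layer3><member>ethernet1/2.10</member></layer3></network>
   <enable-user-identification>yes</enable-user-identification>
 </entry></zone></entry></vsys>
</entry></devices></config>
"""

def audit(xml_text, subif, zone):
    """Return findings for the Captive Portal prerequisites listed on this page."""
    root = ET.fromstring(xml_text)
    findings = []
    parent = subif.split(".")[0]  # ethernet1/2.10 -> ethernet1/2
    l3 = root.find(f".//ethernet/entry[@name='{parent}']/layer3")
    if l3 is None:
        return [f"{parent} is not a Layer3 interface"]
    # The IP belongs on the subinterface, not on the physical interface.
    if l3.find("ip/entry") is not None:
        findings.append(f"{parent} has an IP on the physical interface")
    unit = l3.find(f"units/entry[@name='{subif}']")
    if unit is None or unit.find("ip/entry") is None:
        findings.append(f"{subif} has no IP address")
    prof = unit.findtext("interface-management-profile") if unit is not None else None
    pages = root.findtext(f".//interface-management-profile/entry[@name='{prof}']/response-pages")
    if pages != "yes":
        findings.append(f"response pages not enabled on {subif}")
    z = root.find(f".//zone/entry[@name='{zone}']")
    if z is None or subif not in [m.text for m in z.iter("member")]:
        findings.append(f"{subif} is not in zone {zone}")
    elif z.findtext("enable-user-identification") != "yes":
        findings.append(f"User Identification disabled on zone {zone}")
    return findings
```

On the constructed sample, `audit(SAMPLE, "ethernet1/2.10", "trust")` reports only the management profile, because its response pages setting is `no`.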



