SyferLock Help Center

Captive Portal Setup

Prerequisites and Assumptions

This Captive Portal configuration assumes:

  1. The PaloAlto device has been setup with at least two security zones (in this example, the two zones are 'Internal' and 'Sandbox', the latter being the protected resource), and that a security policy has been created between the two zones.
  2. The GridGuard server (virtual appliance) has been setup and configured with a working RADIUS realm (as defined in the previous chapter)
  3. CORS has been enabled for the PaloAlto<->GridGuard server JavaScript communication.

Interface Management Setup

Interface Management Setup

In order to allow the user to login to the Captive Portal, the user-facing interface must be configured to allow certain protocols and options.  This will be found under Network -> Network Profiles -> Interface Mgmt.

  1. Make sure that at a minimum HTTP is checked.
  2. Response Pages MUST be checked in order to render the Captive Portal to the user.
  3. User-ID must also be checked in order to allow proper User-ID mappings.

Interface Setup

Interface Setup

Captive Portal Settings

Captive Portal Settings
  1. On the Device -> User Identification Page -> Captive Portal Settings page, enable Captive Portal
  2. Set the Authentication Profile to the same as in Radius Setup, in this case, 'GridRadius'
  3. Select 'Redirect' as the mode.
  4. Make sure to set the Redirect Host to the IP Address of the user-accessible interface of the PaloAlto device

Security Policy

Security Policy

Commit All Changes

Commit All Changes
  1. Commit and Save all changes
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk