topic No Redirect to captive Portal in Firewall and Security Management

No Redirect to captive Portal

Maik1 — Wed, 18 Nov 2020 11:10:27 GMT

I am currently trying IA with Captive Portal. If I enter the captive portal manually, everything works. I can log in and get into the internet. But I do not get a redirect for https either for http. The browser shows me: Connection Timed out. I let Wireshark run, there is no answer. For my test client https inspection is active and for my layer application control is also active. Do you have an idea?

Appliance: 61K

Software Version: R80.20SP

Re: No Redirect to captive Portal

Maik1 — Wed, 18 Nov 2020 11:13:48 GMT

The picture as an attachment, so you can read it

Re: No Redirect to captive Portal

_Val_ — Wed, 18 Nov 2020 11:23:48 GMT

Do you have a rule allowing certain network to go to your captive portal URL?
Parent rule 101 is matching certain fixed source and destination,

rule 101.1 only works when identity is acquired already, but I do not see any policy rule that allows that acquisition. All you will see here will be drops on rule 101.2

Re: No Redirect to captive Portal

Maik1 — Fri, 20 Nov 2020 07:30:02 GMT

Hi _Val_,

thank you for the response. if I am not logged in, I see drops in Rule 101.2, so it looks like you are right. But how I do I build the rule for acquisition? I'm not sure, what you mean. For example in sk121074 they have the same rules. I thought, if I activate the "Enable Identiy Captive Portal" as an action, there will be the redirect.

Re: No Redirect to captive Portal

_Val_ — Fri, 20 Nov 2020 09:47:23 GMT

No, not the same rules. Any of the examples in the SK have ANY for Destination. You do not, your parent rule is very specific, and destination does not include FW itself. This is what I am trying to explain, redirection does not work, because your policy does not allow user to FW connectivity.