No Redirect to captive Portal

Maik1 · ‎2020-11-18

I am currently trying IA with Captive Portal. If I enter the captive portal manually, everything works. I can log in and get into the internet. But I do not get a redirect for https either for http. The browser shows me: Connection Timed out. I let Wireshark run, there is no answer. For my test client https inspection is active and for my layer application control is also active. Do you have an idea?

Appliance: 61K

Software Version: R80.20SP

Captive Portal.JPG

Maik1 · ‎2020-11-18

The picture as an attachment, so you can read it

_Val_ · ‎2020-11-18

Do you have a rule allowing certain network to go to your captive portal URL?
Parent rule 101 is matching certain fixed source and destination,

rule 101.1 only works when identity is acquired already, but I do not see any policy rule that allows that acquisition. All you will see here will be drops on rule 101.2

Maik1 · ‎2020-11-19

Hi _Val_,

thank you for the response. if I am not logged in, I see drops in Rule 101.2, so it looks like you are right. But how I do I build the rule for acquisition? I'm not sure, what you mean. For example in sk121074 they have the same rules. I thought, if I activate the "Enable Identiy Captive Portal" as an action, there will be the redirect.

_Val_ · ‎2020-11-20

No, not the same rules. Any of the examples in the SK have ANY for Destination. You do not, your parent rule is very specific, and destination does not include FW itself. This is what I am trying to explain, redirection does not work, because your policy does not allow user to FW connectivity.

Are you a member of CheckMates?

No Redirect to captive Portal