hvardhang
Staff
August 12, 2019

Technical Tip: How to set up captive portal authentication for non-domain users/machines with an existing FSSO setup


Description
This article describes how to set up captive portal authentication for non-domain users/machines alongside an existing FSSO setup for domain users.

Solution
The setup requires FSSO-based authentication for domain users, plus either System local or LDAP authentication for non-domain machines/users.

For FSSO setup, please refer to the cookbook here.

After the FSSO setup, create a user definition/group on the firewall using either LDAP authentication or System local.

Next, the firewall policy for non-domain machines/users has to be created below the FSSO-based policy.

In the example below, Policy ID 1 was created for domain users with FSSO authentication and Policy ID 2 was created for non-domain machines/users with captive portal authentication.

 
The captive portal is triggered for non-domain machines/users when they attempt to access the Internet, as shown below:
 
Once the user has authenticated with the provided credentials, the user information is available on the firewall, as shown below:
 

 
The user logon information in the CLI:
# diagnose firewall auth list
 
172.31.128.58, bob
src_mac: 00:61:65:67:3a:01
type: fw, id: 0, duration: 318, idled: 6
expire: 239, allow-idle: 300
flag(20): idle
server: LDAP
packets: in 709 out 429, bytes: in 670088 out 62470
group_id: 2
group_name: Non Domain Machines/users
 
----- 1 listed, 0 filtered -----
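
To audit this output when many users are listed, the following added example (not part of the original article or any Fortinet tool) parses it and flags captive portal logons that landed in a group other than the intended non-domain group. The sample reuses the entry above; the second entry, the function names, and the assumption that FSSO logons appear as "type: fsso" are constructed for illustration.

```python
import re

# Constructed sample: the article's entry plus an FSSO entry whose values
# are made up here for contrast.
SAMPLE = """\
172.31.128.58, bob
src_mac: 00:61:65:67:3a:01
type: fw, id: 0, duration: 318, idled: 6
expire: 239, allow-idle: 300
flag(20): idle
server: LDAP
packets: in 709 out 429, bytes: in 670088 out 62470
group_id: 2
group_name: Non Domain Machines/users

192.0.2.10, ALICE
type: fsso, id: 0, duration: 1200, idled: 15
server: EXAMPLE_AD
group_id: 1
group_name: Domain Users

----- 2 listed, 0 filtered -----
"""

HEADER = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}),\s*(\S.*)$")
WHOLE_LINE = ("src_mac", "server", "group_id", "group_name")

def parse_auth_list(text):
    """Return one dict per logon entry (IPv4 entries only)."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            entries.append({"ip": header.group(1), "user": header.group(2)})
        elif entries and ": " in line:
            # Names may contain commas, so these lines are never split.
            parts = [line] if line.startswith(WHOLE_LINE) else line.split(", ")
            for part in parts:
                key, _, value = part.partition(": ")
                entries[-1][key] = value.strip()
    return entries

def unexpected_portal_logons(entries, portal_group):
    """Captive portal ('fw') logons that landed in a different group."""
    return [e for e in entries
            if e.get("type") == "fw" and e.get("group_name") != portal_group]
```

An empty result from unexpected_portal_logons(parse_auth_list(output), "Non Domain Machines/users") means every captive portal logon matched the non-domain policy's group.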