Configure the Captive Portal Part 2: Create an Identity Policy and Active Authentication Rule

Before you begin

This multi-part procedure shows how to set up the captive portal using the default TCP port 885 and using a management center server certificate for both the captive portal and for TLS/SSL decryption. Each part of this example explains one task required to enable the captive portal to perform active authentication.

If you follow all the steps in this procedure, you can configure captive portal to work for users in your domains. You can optionally perform additional tasks, which are discussed in each part of the procedure.

For an overview of the entire procedure, see How to Configure the Captive Portal for User Control.

Procedure

Step 1

Log in to the management center if you have not already done so.

Step 2

Click Policies > Access Control > Identity and create or edit an identity policy.

Step 3

(Optional.) Click Add Category to add a category for the captive portal identity rules and enter a Name for the category.

Step 4

Click the Active Authentication tab.

Step 5

Choose the appropriate Server Certificate from the list or click Add (add icon) to add a certificate.

Note

Captive portal does not support the use of Digital Signature Algorithm (DSA) or Elliptic Curve Digital Signature Algorithm (ECDSA) certificates.

Step 6

From the Redirect to Host Name field, click the network object you previously created or click Add (add icon).

Step 7

Enter 885 in the Port field and specify the Maximum login attempts.

Step 8

(Optional.) Choose an Active Authentication Response Page as described in Captive Portal Fields.

The following figure shows an example.

You can redirect captive portal users to a network object you previously configured.

Step 9

Click Save.

Step 10

Click Rules.

Step 11

Click Add Rule to add a new captive portal identity policy rule, or click Edit (edit icon) to edit an existing rule.

Step 12

Enter a Name for the rule.

Step 13

From the Action list, choose Active Authentication.

Step 14

Click Realm & Settings.

Step 15

From the Realms list, choose a realm to use for user authentication.

A realm sequence is not supported.

Step 16

(Optional.) Check Identify as Guest if authentication cannot identify user. For more information, see Captive Portal Fields.

Step 17

Choose an Authentication Protocol from the list.

Step 18

(Optional.) To exempt specific application traffic from captive portal, see Exclude Applications from Captive Portal.

Step 19

Add conditions to the rule (port, network, and so on) as discussed in Identity Rule Conditions.

Step 20

Click Add.

Step 21

At the top of the page, click Save.

What to do next

Continue with Configure the Captive Portal Part 3: Create a TCP Port Access Control Rule.