Captive Portal FAQs: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
[[Category:FAQs]]
[[Category:FAQs]]
=== Can I use Captive Portal and the User Notification Login Script? ===
Yes. If they are both used, NG Firewall uses the Captive Portal username over the UNLS-specified username. Both can be viewed in the 'View Hosts.' The 'Captive Portal - Username' shows the Captive Portal username, the 'Directory Connector - Username' shows the UNLS/Directory Connector username, and the 'Username' column shows the global username.
It may be better to add a Captive Portal ''Capture Rule'' rule to ''Pass'' when ''username'' == ''[authenticated].'' This rule would ensure that hosts that already have known usernames via the UNLS are not captured via the Captive Portal. This way a host can be authenticated via the UNLS or Captive Portal, but will not need to use both.
=== How can I allow users to log themselves out of Captive Portal? ===
If you need users to be able to log themselves out, they can browse to <NGFW_LAN_IP>/capture/logout to make this happen.


=== Machines behind the Captive Portal page are not working - how can I troubleshoot? ===
=== Machines behind the Captive Portal page are not working - how can I troubleshoot? ===
Line 18: Line 8:


Google OAuth rejects the user agent from the captive portal login helpers on both Apple and Android/Chromebook devices. The solution is to ignore the helper, and only attempt to login by opening a browser window and authenticating on the login page that comes up when captive portal does the capture and redirect.
Google OAuth rejects the user agent from the captive portal login helpers on both Apple and Android/Chromebook devices. The solution is to ignore the helper, and only attempt to login by opening a browser window and authenticating on the login page that comes up when captive portal does the capture and redirect.
=== When I upload my custom zip file I get "The uploaded ZIP file does not contain custom.html or custom.py." Why? ===
The custom.zip must have either a custom.py or a custom.html ''at the top level.'' It can not be within a arbitrary subdirectory. If there is not a custom.py or a custom.html at the top level this message will be displayed.

Latest revision as of 21:46, 14 September 2023


Machines behind the Captive Portal page are not working - how can I troubleshoot?

The Block Event Log shows all traffic that is being blocked because the source machine has not been authenticated. This is useful for finding out what traffic is being blocked and if there is any that should not be blocked. Often idle machines without logged in users can still be active on the network, making this log quite large. If there is activity that shouldn't be blocked under any circumstances this can be fixed by modifying the Capture Rules, the client and server pass lists, or creating bypass rules if Capture Bypass Traffic is unchecked.

Getting "Error: Missing Identity" error on Captive Portal Login when using Google OAuth

Google OAuth rejects the user agent from the captive portal login helpers on both Apple and Android/Chromebook devices. The solution is to ignore the helper, and only attempt to login by opening a browser window and authenticating on the login page that comes up when captive portal does the capture and redirect.