What does your 'authentication' policy look like? It may be too wide or an exception may be required. If it is set to "known users" you may need to figure out if your GP users are losing their mapping for some reason (probing?)
If I have a portal with multiple agent configs, is there a way to tell which config a user is getting?
Isn't it showing up in one of the related logs (auth or GP)? Try unified logs
Not that I can tell.
On a side note, I was on a free Global Knowledge PCNSE test prep call yesterday with like 100 people and dropped your site as a good source of info. :)
Very much appreciated :) should I set up a PCNSE discussion area?
I have the Users Global Protect Logs, where would I find in there what config they are using?
I would expect the authentication log to mention something about this, but look at the unified to be sure. Since an auth action is triggered, there must be a log
@Reaper There is no record of the user's name.
I think I know what the issue is, I just don't know why or if there is a way for any Palo log to help me figure it out.
Random people are banging on a non-existent IP across firewalls. Let's say in order to cross from firewall "corp" to firewall "hardwork" you first get redirected to a captive portal.
The people in "corp" are getting the auth pop up because something is reaching out to an IP (say 10.1.1.12) within "hardwork".
What I can't figure out is what exactly is reaching out and why.
I think we figured it out..........
WUDO Blowing up TCP Port 7680 on Syslog Server - Windows 10 - Spiceworks
Good news!!