https://community.cisco.com/t5/network-security/sourcefire-captive-portal/m-p/2854785#M44020 <P>Hello,</P> <P></P> <P>I'm deploying sourcefire to my domain. I just brought it out of monitor only mode. I had a handful of acl's which delt with social media sites etc within sourcefire. I was expecting it to hit the captive portal, but nothing ever comes up.</P> <P></P> <P>I have followed the requirements, I have a routed deployment, I put a "trust" acl into sourcefire for all traffic sourced from private networks to the port I configured the captive portal on.</P> <P></P> <P>I configured the captive portal port on both the ASA and within the firepower management center. I set my identity policys to ONLY include active authentication... and for testing configured it explicitly as Http basic authentication. I am never greeted with a prompt.</P> <P></P> <P>I'm currently testing the functionality with an http site vs something like facebook using https.</P> <P></P> <P>Does anyone have any insight into what could be the issue here?</P> <P>is there any way to explicity hit the captive portal to verify its even functioning?</P> <P></P> Sun, 10 Mar 2019 13:36:02 GMT Robert Nethken 2019-03-10T13:36:02Z https://community.cisco.com/t5/network-security/sourcefire-captive-portal/m-p/2854785#M44020 <P>Hello,</P> <P></P> <P>I'm deploying sourcefire to my domain. I just brought it out of monitor only mode. I had a handful of acl's which delt with social media sites etc within sourcefire. I was expecting it to hit the captive portal, but nothing ever comes up.</P> <P></P> <P>I have followed the requirements, I have a routed deployment, I put a "trust" acl into sourcefire for all traffic sourced from private networks to the port I configured the captive portal on.</P> <P></P> <P>I configured the captive portal port on both the ASA and within the firepower management center. I set my identity policys to ONLY include active authentication... and for testing configured it explicitly as Http basic authentication. I am never greeted with a prompt.</P> <P></P> <P>I'm currently testing the functionality with an http site vs something like facebook using https.</P> <P></P> <P>Does anyone have any insight into what could be the issue here?</P> <P>is there any way to explicity hit the captive portal to verify its even functioning?</P> <P></P> Sun, 10 Mar 2019 13:36:02 GMT https://community.cisco.com/t5/network-security/sourcefire-captive-portal/m-p/2854785#M44020 Robert Nethken 2019-03-10T13:36:02Z https://community.cisco.com/t5/network-security/sourcefire-captive-portal/m-p/2854786#M44021 <P>Hi</P> <P></P> <P>You can verify config referring to this article.</P> <P>https://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/200329-Configure-Active-Directory-Integration-w.html</P> <P>Apart from that if you have a rule with "trust" action , I would suggest to make it allow.</P> <P>Is&nbsp; the traffic coming to captive portal tagged ? If it is then , I would suggest to upgrade to 6.0.1 as there is a known issue with tagged traffic with captive portal.</P> <P></P> <P>Thanks</P> <P>Yogesh</P> <P></P> Sat, 16 Apr 2016 10:14:17 GMT https://community.cisco.com/t5/network-security/sourcefire-captive-portal/m-p/2854786#M44021 yogdhanu 2016-04-16T10:14:17Z https://community.cisco.com/t5/network-security/sourcefire-captive-portal/m-p/2854787#M44022 <P>I did infact follow that very guide. I have changed my ACL within sourcefire to "allow" instead of "trust" now. There is still no prompt for active authentication.</P> <P></P> <P>I will look into getting this upgraded to 6.0.1</P> <P></P> <P>I will leave feedback once that is done, any other things I can do to check in the meantime are appreciated!</P> Mon, 18 Apr 2016 12:51:40 GMT https://community.cisco.com/t5/network-security/sourcefire-captive-portal/m-p/2854787#M44022 Robert Nethken 2016-04-18T12:51:40Z