cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
832
Views
1
Helpful
19
Replies

Captive Portal doesn't work in FMC

BaboMigo
Level 1
Level 1

Dears, 

I'am using FTD 6.6.1 managed with FMC, i Configured Internal Certificats, Trusted Certificat, add DNS target with the routed interface, configured the Identity Policy, added it to the Access Policy and allowed it.

When now i go the user computer to go to internet, first i dont have the redirection, secundary, when i write the full URl : https://dj-captiveportal.rasdika.dj:885/ , I get this output : The requested URL / was not found on this server.

BaboMigo_0-1727249017052.png

 

1 Accepted Solution

Accepted Solutions

Active auth is ALWAYS better than passive auth.  That being said captive portal sucks.  The best solution is active authentication using 802.1X to ISE and share that context with FMC via pxGrid.  If that is not available for whatever reason I would personally position ISE-PIC as a "good enough" solution before enforcing an annoying captive portal.

View solution in original post

19 Replies 19

Can I know what you try here 

Thanks

MHM

Take a look at this video please and see if it helps:

18. Cisco FTD Identity Policy: Active Authentication (youtube.com)

BaboMigo
Level 1
Level 1

Hi 

@MHM Cisco World i am trying to make acitve authentication with FMC.

@Aref Alsouqi i did exactly what he does in video youtube, but nothing !!!!

balaji.bandi
Hall of Fame
Hall of Fame

how about only domain name with out port 885 ? what you get. 

have you session analysis active user and events ?

@Aref Alsouqi suggested i have used many times and it works as expected.

check also guide from Cisco : (it has some videos )

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/create_and_manage_identity_policies.html

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/create_and_manage_realms.html

 

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

BaboMigo
Level 1
Level 1

Thanks @ahollifield i will upgrade the version, because it isn't working correctly

@MHM Cisco World your recent link is for FDM, i'am using FMC to manage and think it is a bit different !

The big issues is, that the portal captive work once per day, after i disconnect, i have issue to reconnect !

I would also question why captive portal on the FTD at all?  Why not perform captive portal redirect on the NAD instead?  

BaboMigo
Level 1
Level 1

The captive portal is for Active Authentication in Identity Policy inside FMC, authenticate Users in LAN through to captiveportal before to access some ressources(like internet ...) ::::

what you mean in NAD ?

Network access device. Switch, WLC, etc. what is the NAC solution in the environment? Why not use ISE or ISE-PIC?

BaboMigo
Level 1
Level 1

I have only Switchs, Small AccessPoint, and FTD managed with FMC. No ISE or ISE-PIC

So what is the identity source FTD using for auth on the captive portal? Local users? LDAP to AD? Something else?

BaboMigo
Level 1
Level 1

FTD integrated with realm AD..

Got it, so again if there is AD here why use captive portal at all? Why not use ISE-PIC?
Review Cisco Networking for a $25 gift card