Solved: Re: Captive Portal doesn't work in FMC

BaboMigo · ‎09-25-2024

Dears,

I'am using FTD 6.6.1 managed with FMC, i Configured Internal Certificats, Trusted Certificat, add DNS target with the routed interface, configured the Identity Policy, added it to the Access Policy and allowed it.

When now i go the user computer to go to internet, first i dont have the redirection, secundary, when i write the full URl : https://dj-captiveportal.rasdika.dj:885/ , I get this output : The requested URL / was not found on this server.

ahollifield · ‎09-30-2024

Active auth is ALWAYS better than passive auth. That being said captive portal sucks. The best solution is active authentication using 802.1X to ISE and share that context with FMC via pxGrid. If that is not available for whatever reason I would personally position ISE-PIC as a "good enough" solution before enforcing an annoying captive portal.

View solution in original post

MHM Cisco World · ‎09-25-2024

Can I know what you try here

Thanks

MHM

Aref Alsouqi · ‎09-25-2024

Take a look at this video please and see if it helps:

18. Cisco FTD Identity Policy: Active Authentication (youtube.com)

BaboMigo · ‎09-29-2024

Hi

@MHM Cisco World i am trying to make acitve authentication with FMC.

@Aref Alsouqi i did exactly what he does in video youtube, but nothing !!!!

MHM Cisco World · ‎09-30-2024

Can you make double check steps by view this doc

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/217231-configure-fdm-active-authentication-cap.html

MHM

balaji.bandi · ‎09-30-2024

how about only domain name with out port 885 ? what you get.

have you session analysis active user and events ?

@Aref Alsouqi suggested i have used many times and it works as expected.

check also guide from Cisco : (it has some videos )

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/create_and_manage_identity_policies.html

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/create_and_manage_realms.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ahollifield · ‎09-30-2024

https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/firepower-ftd-fmc-6-6x-fxos-2-8x-eol.html

BaboMigo · ‎09-30-2024

Thanks @ahollifield i will upgrade the version, because it isn't working correctly

@MHM Cisco World your recent link is for FDM, i'am using FMC to manage and think it is a bit different !

The big issues is, that the portal captive work once per day, after i disconnect, i have issue to reconnect !

ahollifield · ‎09-30-2024

I would also question why captive portal on the FTD at all? Why not perform captive portal redirect on the NAD instead?

BaboMigo · ‎09-30-2024

The captive portal is for Active Authentication in Identity Policy inside FMC, authenticate Users in LAN through to captiveportal before to access some ressources(like internet ...) ::::

what you mean in NAD ?

ahollifield · ‎09-30-2024

Network access device. Switch, WLC, etc. what is the NAC solution in the environment? Why not use ISE or ISE-PIC?

BaboMigo · ‎09-30-2024

I have only Switchs, Small AccessPoint, and FTD managed with FMC. No ISE or ISE-PIC

ahollifield · ‎09-30-2024

So what is the identity source FTD using for auth on the captive portal? Local users? LDAP to AD? Something else?

BaboMigo · ‎09-30-2024

FTD integrated with realm AD..

ahollifield · ‎09-30-2024

Got it, so again if there is AD here why use captive portal at all? Why not use ISE-PIC?