05-23-2016 12:58 AM - edited 03-12-2019 06:01 AM
We're using an ASA FirePOWER 5515 whose SFR is managed by a FireSIGHT Management Center VM. I've configured its captive portal and it was working for about 1 month with some problems. For some clients, the address in the browser's address bar redirects to the IP address of the inside firewall interface on the captive port, but it takes about 5 minutes to load, and when I checked the logs it seems that the SFR is requesting a drop for traffic to the captive portal all the time, but I have configured a trust for traffic to port 4455 (captive port). For some other users it never opens. So I decided to use passive authentication with the user agent. Now other users that are not joined to Microsoft AD cannot be authenticated because the captive portal never shows up.
I have used this link, http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/200329-Configure-Active-Directory-Integration-w.html, to configure the FireSIGHT manager, and I have generated the certificate in the FireSIGHT manager, NOT in SFR expert mode. Can it be the cause of the problem?
The log from /var/log/captive_portal.log in SFR expert mode is attached.
I also used this thread, https://supportforums.cisco.com/discussion/12424996/cisco-asa-sourcefire-captive-portal, and the output of all commands is attached.
By the way, this device is driving me crazy. Please, someone help me with this.