09-13-2013 04:45 AM
I'm looking to allow my BYOD users to access a single IIS instance without authentication against the Captive Portal.
The reason for this would be to allow BYOD users to log into our VDI infrastructure without having to authenticate twice.
The way I have the Welcome GUI on the captive portal - it basically splits our BYOD users into two possible routes...
Route 1 - Internet access only -> Captive Portal Login -> "authenticate against CP" -> Internet delivered.
Route 2 - Virtual Desktop -> Captive Portal Login -> authenticate against CP -> authenticate against VDI -> VDI delivered.
I'd like to simplify route 2 by allowing access to an internal IIS server without CP authentication.
I've been playing around with the stateful firewall but I just can't seem to crack it.
There must be a way for me to specify a port / host rule to allow this through - I just can't seem to find it :(
Any guidance would be greatly received.
09-13-2013 05:06 AM - edited 09-13-2013 05:28 AM
If I understand you correctly, you want to allow access to the VDI infrastructure while someone is in the "logon" role. This should be possible. The question becomes: do you want to allow this through a link on the captive portal page (just no auth)? In order for the user to get there you'll need to allow access, as you suggest, through the firewall rules.
In the logon role, add a new policy that is going to allow all the appropriate ports and destinations as permit. You'll need to determine what the hosts are and all the appropriate ports. These will need to go above the captiveportal ACL so it does not intercept any http/https requests.
ip access-list session "allow-vdi-access"
  user alias vdi-hosts svc-http permit
  user alias vdi-hosts svc-https permit
  user alias vdi-hosts <other services> permit
user-role <your logon role>
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
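The ordering point in the answer above, as an added example that is not part of the original thread and not Aruba's own code: a small Python model of first-match session ACL evaluation showing why allow-vdi-access has to sit above captiveportal, plus a check that the pre-auth permits stay scoped to single hosts. The address 10.20.30.40, the simplified captiveportal rules, the implicit deny and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data: the VDI/IIS host address is a placeholder.
VDI_HOSTS = [ip_network("10.20.30.40/32")]
ANY = [ip_network("0.0.0.0/0")]

# Each ACL is (name, [(destination networks, tcp port, action), ...]).
ALLOW_VDI = ("allow-vdi-access", [
    (VDI_HOSTS, 80, "permit"),
    (VDI_HOSTS, 443, "permit"),
])
# Simplified model of the captive portal ACL: it intercepts all http/https.
CAPTIVEPORTAL = ("captiveportal", [
    (ANY, 80, "redirect-to-portal"),
    (ANY, 443, "redirect-to-portal"),
])

def evaluate(role_acls, dst, port):
    """Return (acl name, action) of the first matching rule, top to bottom."""
    addr = ip_address(dst)
    for name, rules in role_acls:
        for nets, rule_port, action in rules:
            if rule_port == port and any(addr in net for net in nets):
                return name, action
    return "implicit", "deny"  # model default when nothing matches

def broad_permits(role_acls):
    """List (acl name, port) for permits that cover more than a single host."""
    return [(name, port)
            for name, rules in role_acls
            for nets, port, action in rules
            if action == "permit" and any(net.prefixlen < 32 for net in nets)]

if __name__ == "__main__":
    good = [ALLOW_VDI, CAPTIVEPORTAL]   # VDI permits above the portal ACL
    bad = [CAPTIVEPORTAL, ALLOW_VDI]    # portal ACL matches first
    for label, role in (("vdi first", good), ("portal first", bad)):
        print(label, "->", evaluate(role, "10.20.30.40", 443))
    print("other web traffic ->", evaluate(good, "93.184.216.34", 80))
    print("over-broad pre-auth permits:", broad_permits(good))
```

Running the same check against the real logon role after each change helps confirm that unauthenticated clients reach only the intended host and ports.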
09-23-2013 03:02 AM
Thanks for your speedy reply, (if only mine were so quick)
Would it be possible to give me a step by step of what you posted please?