Security

last person joined: 2 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Why does user cannot configure proxy server in captive portal authentication?

  • 1.  Why does user cannot configure proxy server in captive portal authentication?

    Posted May 29, 2020 12:59 AM

    I read in 8.6 user guide and saw note that user cannot configure this settings.

    So how to configure? 

    End-user would like to user proxy for guest and tried to fill in form but error while summiting.

    Please advice to configure this.



  • 2.  RE: Why does user cannot configure proxy server in captive portal authentication?

    Posted May 29, 2020 04:49 AM

    Can you please put a reference to what configuration option you are trying to do?

     

    What I could find is an option to let the captive portal run via a proxy server (with remarks on certificate challenges) as well as on the same page there is an option to redirect common proxy ports (8000/8080/8081) for guests in the captive portal role. The last one is to support clients that are configured to use a proxy on port 8000/8080 or 8081.

     

    If you want to run all guest traffic through a proxy, you should configure your proxy in transparent mode, make sure that the guest traffic is routed through that transparent proxy, and you don't need to do anything on the controller. Running an explicit proxy requires client-side configuration (or support for WPAD), which in practice doesn't work for guest networks.



  • 3.  RE: Why does user cannot configure proxy server in captive portal authentication?

    Posted May 31, 2020 12:31 PM

    I don't have more information about proxy configuration right now. 

    My customer needs all guest traffic though the proxy.

    Please advice.



  • 4.  RE: Why does user cannot configure proxy server in captive portal authentication?

    Posted Jun 02, 2020 04:13 AM

    If you want to run all guest traffic through a proxy, you should configure your proxy in transparent mode, make sure that the guest traffic is routed through that transparent proxy, and you don't need to do anything on the controller. Running an explicit proxy requires client-side configuration (or support for WPAD), which in practice doesn't work for guest networks.

     

    So get a transparent proxy for this scenario.