12p.no blog

Alternative to captive webportal Palo Alto

Written by

raymond

in

The idiotic way to implement user identification when everything else fails.

You need:

GPO to push automaticly run powershell

A webserver, for example Apache

A syslog forwarder, for example rsyslog

And setup the Paloalto firewall as a User ID agent with syslog listener.

Plain and simple. Absolutely not secure, but until I bother with integrating user certificates as authentication for the requests this will do.

Powershell which runs every hour or minute on the clients

The webserver, a simple apache server hosted on an ubuntu box without any content


Install rsyslog if not installed

put the following in /etc/rsyslog.d/02-apache2.conf

Validate the config:

systemctl restart rsyslogd

On the paloalto, enable user-id syslog on the interface and lock the permitted address to the webserver sending the syslogs

add the uid profile to the interface:

Add the following syslog parser:

Setup the server monitor:

and the syslog parser profile.

And you’re good to go. Not secure, but it works as a simple solution

Comments

2 responses to “Alternative to captive webportal Palo Alto”

  1. Hairstyles Avatar
    Hairstyles

    Hey! This is kind of off topic but I need some advice from an established blog. Is it difficult to set up your own blog? I’m not very techincal but I can figure things out pretty quick. I’m thinking about making my own but I’m not sure where to begin. Do you have any points or suggestions? Thanks

    Reply
  2. Beauty Fashion Avatar
    Beauty Fashion

    Great blog right here! Additionally your web site lots up very fast! What web host are you the use of? Can I get your associate link for your host? I desire my site loaded up as quickly as yours lol

    Reply

Leave a Reply to Beauty Fashion Cancel reply

Your email address will not be published. Required fields are marked *

More posts