If the user is unable to pass NTLM/Kerberos authentication, Captive Portal can take over and authenticate the user with a web form. To receive the web form, users must be using a web browser and be in the process of connecting. Upon successful authentication, users are automatically directed to the originally requested website. The Deep Discovery Web Inspector appliance can now execute policies based on the user information for any applications passing through the appliance, not just for applications that use a web browser.
Administrators can design and create the text that users see when they sign on. The customizable message includes:
- Company logo image
- A welcome message
Note: If you modify Captive Portal-related settings, the operation restarts the scan daemon and the authentication daemon, which interrupts daily traffic; therefore, this operation should be executed during non-working time.
The following rules apply to Captive Portal:
- Captive Portal rules work only for web (HTTP/HTTPS) traffic.
- A web page prompts the user to specify a user name and password.
- If allowed via an authentication policy, a user can log on as a guest user. A guest user matches only those policies and HTTPS policies where the traffic source is Guest users or Any.
- Captive Portal supports the following format for the user name:
The Deep Discovery Web Inspector appliance validates the user name and password by connecting to the Active Directory server using LDAP. If the LDAP connection is successful, Deep Discovery Web Inspector searches for the user in the local database. If the user information matches, authentication succeeds. If there are no matches, authentication fails. If successfully authenticated, the Deep Discovery Web Inspector appliance adds the IP address-to-user mapping to the local cache for the time-to-live (TTL) life cycle.
Note: Deep Discovery Web Inspector does not store any passwords for end users.
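An added example, not part of the product documentation or the vendor's code: a conceptual Python model of the logon flow described above (LDAP check, local database match, IP address-to-user mapping held for the TTL). The class and function names, the `ldap_bind` callable, the sample directory and the 300-second TTL are assumptions made for illustration.

```python
import time

class CaptivePortalModel:
    """Conceptual model of the documented flow; not the appliance's code."""

    def __init__(self, ldap_bind, local_users, ttl_seconds,
                 allow_guest=False, clock=time.monotonic):
        self.ldap_bind = ldap_bind            # assumed: callable(user, password) -> bool
        self.local_users = set(local_users)   # users present in the local database
        self.ttl = ttl_seconds
        self.allow_guest = allow_guest        # stands in for the authentication policy
        self.clock = clock
        self._ip_to_user = {}                 # ip -> (user, expiry); passwords never kept

    def _remember(self, ip, user):
        self._ip_to_user[ip] = (user, self.clock() + self.ttl)
        return True

    def login(self, ip, user, password):
        if not self.ldap_bind(user, password):   # step 1: LDAP check must succeed
            return False
        if user not in self.local_users:         # step 2: user must match locally
            return False
        return self._remember(ip, user)

    def login_guest(self, ip):
        return self._remember(ip, "Guest") if self.allow_guest else False

    def user_for(self, ip):
        """Identity applied to any traffic from this IP, browser or not."""
        user, expiry = self._ip_to_user.get(ip, (None, 0))
        if user is None or self.clock() >= expiry:
            self._ip_to_user.pop(ip, None)       # expired mapping: user must log on again
            return None
        return user

def demo():
    now = [0.0]                                   # constructed clock for a repeatable run
    directory = {"alice": "correct-horse"}        # constructed stand-in for Active Directory
    portal = CaptivePortalModel(lambda u, p: directory.get(u) == p,
                                local_users={"alice"}, ttl_seconds=300,
                                clock=lambda: now[0])
    results = [portal.login("10.0.0.5", "alice", "wrong"),
               portal.login("10.0.0.5", "alice", "correct-horse"),
               portal.user_for("10.0.0.5")]
    now[0] = 300.0                                # TTL elapsed
    results.append(portal.user_for("10.0.0.5"))
    return results

if __name__ == "__main__":
    print(demo())
```

Because the mapping is keyed by IP address, every connection from that address is attributed to the cached user until the TTL lapses.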