If the user identification agent is unable to associate a user with an IP address,
a captive portal can take over and authenticate the user with a web form.
To receive the web form, users must be using a web browser and be in the process of connecting.
Upon successful authentication, users are automatically directed to the originally requested website.
The firewall can now execute policies based on the user information for any applications
passing through the firewall, not just for applications that use a web browser.
The following rules apply to captive portals:
- Captive portal rules work only for web (HTTP) traffic.
- A web page prompts the user to specify a user name and password.
If the above-mentioned captive portal rules do not apply because the traffic is not HTTP or
there is no rule match, then the firewall applies its IP address-based security policies.
Deep Edge validates the user name and password against the LDAP server. If authentication succeeds,
Deep Edge adds the IP address-to-user mapping to the local cache for the time-to-live (TTL) life cycle.
If authentication fails, Deep Edge notifies the user that authentication was not successful.
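The flow described above, modeled as an added Python sketch (not Deep Edge code). The class and function names, the `directory_check` callback standing in for the LDAP validation, and the injectable clock are assumptions made for illustration.

```python
import time

class UserMappingCache:
    """IP address-to-user mappings that expire after a TTL (hypothetical model)."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock              # injectable so expiry can be tested
        self._entries = {}              # ip -> (user, expires_at)

    def add(self, ip, user):
        self._entries[ip] = (user, self.clock() + self.ttl)

    def lookup(self, ip):
        entry = self._entries.get(ip)
        if entry is None:
            return None
        user, expires_at = entry
        if self.clock() >= expires_at:
            del self._entries[ip]       # TTL elapsed: mapping is no longer trusted
            return None
        return user

def handle_connection(cache, src_ip, is_http, portal_rule_matches=True, agent_user=None):
    """Decide how a new connection is handled; returns (action, user)."""
    user = agent_user or cache.lookup(src_ip)
    if user:
        return ("user-policy", user)        # applies to any application, not only web
    if is_http and portal_rule_matches:
        return ("captive-portal", None)     # show the web form
    return ("ip-policy", None)              # fall back to IP address-based policies

def portal_login(cache, src_ip, username, password, directory_check):
    """Handle the web form; directory_check stands in for the LDAP validation."""
    if directory_check(username, password):
        cache.add(src_ip, username)
        return True                         # caller redirects to the requested site
    return False                            # caller reports the failure to the user

if __name__ == "__main__":
    # Constructed sample data: one account and one client address.
    check = lambda u, p: (u, p) == ("alice", "constructed-pw")
    cache = UserMappingCache(ttl_seconds=3600)
    print(handle_connection(cache, "10.0.0.5", is_http=True))
    portal_login(cache, "10.0.0.5", "alice", "constructed-pw", check)
    print(handle_connection(cache, "10.0.0.5", is_http=False))
```

Because the mapping is keyed on the IP address alone, every connection from that address is treated as the authenticated user until the TTL expires, which matters for hosts behind NAT or shared by several users.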
Deep Edge allows administrators to design and create the text that users see when they sign on.
The customizable message includes:
- Company logo
- Company name
- A welcome message
- External HTTP link (URL)