If the user identification agent is unable to associate a user with an IP address, a captive portal can take over and authenticate the user with a web form.
To receive the web form, users must be using a web browser and be in the process of connecting. Upon successful authentication, users are automatically directed to the originally requested website. The Cloud Edge gateway can now execute policies based on the user information for any applications passing through the gateway, not just for applications that use a web browser.
The following rules apply to Captive Portal:
The Cloud Edge gateway validates the user name and password against existing hosted users or entries in the LDAP server or RADIUS server. If successfully authenticated, the Cloud Edge gateway adds the IP address-to-user mapping to local cache for the time-to-live (TTL) life cycle. If authentication fails, the user is notified that authentication was not successful.
If the above-mentioned Captive Portal rules do not apply because the traffic is not HTTP or there is no rule match, then the Cloud Edge gateway applies its IP address-based security policies.
Administrators can design and create the text that users see when they sign on. The customizable message includes:
A welcome message
External HTTP link (URL)