Captive Portal Example: Create a Decryption Policy with an Outbound Rule
This part of the procedure describes how to create a decryption policy that decrypts and re-signs traffic before the traffic reaches the captive portal. The captive portal can authenticate traffic only after it has been decrypted.
Before you begin
You must have an internal certificate authority (CA) for your outbound server; that is, for the managed device that decrypts the traffic so that captive portal users can authenticate. This certificate must be different from the internal certificate you use to authenticate the captive portal with the managed device.
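A pre-upload check for the requirement above, as an added example that is not part of the original procedure: re-signing needs a certificate marked CA:TRUE together with its private key, and that certificate must not be the one the captive portal presents. The subjects, file names and the helper names `make_cert` and `check_resign_ca` are assumptions made for illustration; the script uses the `openssl` command-line tool.

```bash
#!/usr/bin/env bash
# Added example: all names, subjects and file paths are constructed.
set -eu

# make_cert DIR NAME CN CA_FLAG KEY_USAGE: self-signed certificate and key.
make_cert() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
O = Example Corp
CN = $3
[ext]
basicConstraints = critical,CA:$4
keyUsage = critical,$5
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$1/$2.cnf" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# check_resign_ca CA_CERT CA_KEY PORTAL_CERT
# Passes only if CA_CERT may sign certificates, CA_KEY is its private key,
# and CA_CERT is a different certificate from the captive portal's.
check_resign_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' \
        || { echo "FAIL: $1 is not a CA certificate"; return 1; }
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ] \
        || { echo "FAIL: $2 does not match $1"; return 1; }
    [ "$(fingerprint "$1")" != "$(fingerprint "$3")" ] \
        || { echo "FAIL: $1 is also the captive portal certificate"; return 1; }
    echo "OK: $1 is usable as a separate re-signing CA"
}

work=$(mktemp -d)
make_cert "$work" resign-ca "Example Resign CA" TRUE keyCertSign,cRLSign
make_cert "$work" portal "portal.example.com" FALSE digitalSignature,keyEncipherment
check_resign_ca "$work/resign-ca.pem" "$work/resign-ca.key" "$work/portal.pem"
# Reusing the portal certificate as the re-signing CA is rejected:
check_resign_ca "$work/portal.pem" "$work/portal.key" "$work/portal.pem" || true
```

For a real deployment, run only `check_resign_ca` against the certificate and key you intend to upload and the certificate the captive portal already uses.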
Procedure
Step 1 | Click . |
Step 2 | Click New Policy. |
Step 3 | Give the policy a unique Name and, optionally, a Description. |
Step 4 | Click the Outbound Connections tab. |
Step 5 | Upload or choose certificates for the rules. The system creates one rule per combination of CA and networks/ports. |
Step 6 | (Optional.) Choose networks and ports. For more information: |
Step 7 | Click Save. |
Step 8 | Click Edit next to the decryption policy you just created. |
Step 9 | Click Edit next to the decryption rule for captive portal. |
Step 10 | Click Users. |
Step 11 | Above the Available Realms list, click Refresh. |
Step 12 | In the Available Realms list, click Special Identities. |
Step 13 | In the Available Users list, click Unknown. |
Step 14 | Click Add to Rule. The following figure shows an example. |
Step 15 | (Optional.) Set other options as discussed in Decryption Rule Conditions. |
Step 16 | Click Add. |