Create a network object

Create a network object to enable access using a fully qualified domain name for captive portal authentication.

This task discusses how to start configuring the captive portal as an identity source.

Before you begin

(Snort 3 only.) Create a fully-qualified host name (FQDN) using your DNS server and upload the Firewall Threat Defense's internal certificate to the Firewall Management Center. You can consult a resource such as this one if you've never done it before. Specify the IP address of a routed interface on one of the devices managed by your Firewall Management Center.

For more information about the network object, see Redirect to host name network rule conditions.

Procedure

Step 1

If you haven't already done so, log in to your Firewall Management Center and click Objects..

Step 2

Expand PKI.

Step 3

Click Internal Certs.

Step 4

Click Add Internal Cert.

  1. In the Name field, enter a name to identify the internal cert (for example, MyCaptivePortal).

  2. In the Certificate Data field, either paste the certificate or use the Browse button to locate it.

    The certificate Common Name must exactly match the FDQN with which you want captive portal users to authenticate.

  3. In the Key field, either paste the certificate's private key or use the Browse button to locate it.

  4. If the certificate is encrypted, select the Encrypted check box and enter the password in the adjacent field.

  5. Click Save.

Step 5

Click Network.

Step 6

Click Add Network > Add Object.

  1. In the Name field, enter a name to identify the object (for example, MyCaptivePortalNetwork).

  2. Click FDQN and, in the field, enter the name of the captive portal's FDQN.

  3. Click an option for Lookup.

    The following figure shows an example.

    Users can access your captive portal configuration with a fully qualified host name. Enter the host name in the dialog box.

  4. Click Save.

What to do next

Create an identity policy and active authentication rule.