Configure the Captive Portal Part 1: Create a Network Object

This task discusses how to start configuring the captive portal as an identity source.

Before you begin

(Snort 3 only.) Create a fully-qualified host name (FQDN) using your DNS server and upload the Threat Defense's internal certificate to the management center. You can consult a resource such as this one if you've never done it before. Specify the IP address of a routed interface on one of the devices managed by your management center.

For more information about the network object, see Redirect to Host Name Network Rule Conditions.

Procedure


Step 1

If you haven't already done so, log in to your management center.

Step 2

Click Objects > Object Management.

Step 3

Expand PKI.

Step 4

Click Internal Certs.

Step 5

Click Add Internal Cert.

Step 6

In the Name field, enter a name to identify the internal cert (for example, MyCaptivePortal).

Step 7

In the Certificate Data field, either paste the certificate or use the Browse button to locate it.

The certificate Common Name must exactly match the FQDN with which you want captive portal users to authenticate.

Step 8

In the Key field, either paste the certificate's private key or use the Browse button to locate it.

Step 9

If the certificate is encrypted, select the Encrypted check box and enter the password in the adjacent field.

Step 10

Click Save.

Step 11

Click Network.

Step 12

Click Add Network > Add Object.

Step 13

In the Name field, enter a name to identify the object (for example, MyCaptivePortalNetwork).

Step 14

Click FQDN and, in the field, enter the name of the captive portal's FQDN.

Step 15

Click an option for Lookup.

The following figure shows an example.

Users can access your captive portal configuration with a fully qualified host name. Enter the host name in the dialog box.

Step 16

Click Save.
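
A pre-upload check for Steps 7 through 9, added here as an example and not part of the original procedure or of any Cisco tooling: it confirms that the certificate's Common Name exactly matches the portal FQDN, that the private key belongs to the certificate, and whether the key is encrypted. It assumes the OpenSSL CLI and PEM-encoded files; the function names, the PORTAL_KEY_PASS variable and portal.example.com are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run on a certificate and key before uploading them
# as an internal cert. Assumes the OpenSSL CLI; all names here are hypothetical.

# Print the subject Common Name of PEM certificate $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Succeed if PEM private key $1 is password-protected (Step 9 then applies).
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Succeed if private key $2 belongs to certificate $1. The key password is read
# from the hypothetical PORTAL_KEY_PASS variable so it stays off the command line.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(PORTAL_KEY_PASS="${PORTAL_KEY_PASS:-}" openssl pkey -in "$2" \
        -pubout -passin env:PORTAL_KEY_PASS 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Check certificate $1 and key $2 against portal FQDN $3. The comparison is a
# byte-for-byte string match, as Step 7 requires; returns non-zero on failure.
check_portal_cert() {
    rc=0
    cn=$(cert_cn "$1")
    if [ "$cn" = "$3" ]; then echo "OK   CN matches FQDN: $cn"
    else echo "FAIL CN '$cn' does not exactly match '$3'"; rc=1; fi
    if key_is_encrypted "$2"; then
        echo "NOTE key is encrypted: select Encrypted and enter the password"
    fi
    if key_matches_cert "$1" "$2"; then echo "OK   key matches certificate"
    else echo "FAIL key does not match certificate, or wrong password"; rc=1; fi
    return "$rc"
}

# Constructed sample: throwaway self-signed pair for CN $2 in directory $1.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_pair "$demo_dir" portal.example.com
check_portal_cert "$demo_dir/cert.pem" "$demo_dir/key.pem" portal.example.com
```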


What to do next

Configure the Captive Portal Part 2: Create an Identity Policy and Active Authentication Rule