Captive Portal Settings on ISA550W and ISA570W Series Integrated Security Appliances

Document

Sat, 07/09/2016 - 10:40
Apr 26th, 2016
User Badges:

Cisco Support Community

Article ID: 3458

Objective

Captive Portal is a feature that navigates wireless users to a web page after they authenticate themselves. You can set Captive Portal to direct wireless users to a company home page or any web page that is deemed fit.

This document explains how to configure Captive Portal settings on ISA550W and ISA570W Integration Security Appliances.

Applicable Devices

• ISA550W Integrated Security Appliance
• ISA570W Integrated Security Appliance

Software Version

• v1.4.14

Captive Portal Settings

Step 1. Log in to the ISA500 Series Configuration Utility and choose Wireless > Captive Portal. The Captive Portal page appears:

Basic Captive Portal Settings

This section shows the procedure to configure the basic settings for the Captive Portal feature.

Step 1. Click the On radio button in the Enable Captive Portal field to enable the Captive Portal feature.

Step 2. From the Apply On drop-down list, choose an SSID that directs users to the Captive Portal.

Note: Only one SSID can be configured with Captive Portal settings.

Step 3. From the Web Authentication Type drop-down list, choose an option for authentication.

• Internal — This option directs wireless users to the default login page where the users enter a username and password to authenticate themselves.

• Internal, no auth with accept button — This option directs wireless users to the default login page where users do not need to enter a username or password for authentication, but instead click an Accept button.

• External — This option directs wireless users to a custom login page on an external web server where the users enter a username and password to authenticate themselves.

• External, no auth with accept button — This option directs wireless users to a custom login page on an external web server. Users do not enter an username or password, but instead click an Accept button.

Step 4. In the Redirect URL After Login field, click a radio button.

• Redirect Client to Original URL — This option directs wireless users to the original URL after they log in.

• Redirect Client to Customer URL — This option directs wireless users to the specified URL after they log in. For this option, enter the URL to which users are directed in the text-entry field below.

Step 5. In the Session Timeout field, enter how long, in minutes, a user is allowed to stay connected before re-authentication is required. A value of 0 means that users can stay connected as long as they want.

Step 6. In the Idle Timeout field, enter how long, in minutes, a user session can remain idle before the connection is disconnected.

Step 7. Click Save.

Configuration for Internal Authentication

Step 1. To show a logo, such as a company logo, on the login page, click Browse and locate the desired logo file.

Step 2. Click Upload.

Step 3. In the Cisco Logo field, click a radio button.

• Show — This option shows the Cisco logo on the login page.

• Hide — This option does not show the Cisco logo on the login page.

Step 4. In the Headline field, enter the text to appear as a headline on the login page.

Step 5. In the Message field, enter a message to appear as a banner on the login page.

Step 6. Click Save.

Configuration for External Authentication

Step 1. In the Authentication Web Server field, enter the URL for the login page of the external web server.

Step 2. In the Authentication Web Key field, enter the key used to encrypt the username and password used by the login page of the external web server. It has to match with the key configured on the external authentication server.

Step 3. Click Save.

Advanced Captive Portal Settings

Note:  To monitor HTTPS traffic, the device uses HTTPS proxy and routes the network through ICAP protocol which will: intercept data communications and decrypt the data, validate the data against a policy, and re-encrypt the key with an SSL certificate.

This procedure shows how to further configure the settings for the Captive Portal feature.

Step 1. (Optional) In the Monitored HTTP Ports table, click Add to add a monitored HTTP port. Traffic on the monitored HTTP port is directed to the Captive Portal. The Port Configuration - Add/Edit window appears:

Timesaver: If you do not want to add a monitored HTTP port, skip to Step 4.

Step 2. In the Port field, enter a port number to monitor.

Step 3. Click OK. You return to the Captive Portal page.

Step 4. (Optional) In the Open Domains table, click Add to add an open domain. Wireless users can access open domains without authentication. The Domain Configuration - Add/Edit window appears:

Timesaver: If you do not want to add an open domain, skip to Step 7.

Step 5. In the Domain field, enter the IP address or URL of the open domain.

Step 6. Click OK. You return to the Captive Portal page.

Step 7. Click Save.

Edit/Delete Advanced Settings

Step 1. In the Monitored HTTP Ports table, click Edit (pencil icon) to edit the HTTP Port.

Step 2. Enter a new port number in the Port field and click OK.

Step 3. To delete a domain, click Delete (cross icon).

Step 4. To save the changes, click Save.

Loading.

Actions

This Document