Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Understanding Captive Portal Configuration on the Junos OS Enforcer
To configure the captive portal feature, you create a security policy on the Junos OS Enforcer and then specify a redirection option for the captive portal security policy. You can choose to redirect traffic to an external server or to the Infranet Controller. You can also choose to redirect all traffic or unauthenticated traffic only.
- Redirecting traffic to an external webserver—You can configure the Junos OS Enforcer to redirect HTTP traffic to an external webserver instead of the Infranet Controller. For example, you can redirect HTTP traffic to a webpage that explains to users the requirement to sign in to the Infranet Controller before they can access the protected resource. You could also include a link to the Infranet Controller on that webpage to help users sign in.
- Redirecting unauthenticated traffic—Select this option if your deployment uses source IP only or a combination of source IP and IPsec. The Junos OS Enforcer redirects clear-text traffic from unauthenticated users to the currently connected Infranet Controller or to an IP address or domain name that you specify in a redirect URL. After a user signs in to the Infranet Controller and the user’s endpoint system meets the requirements of the Infranet Controller’s security policies, the Junos OS Enforcer allows the user’s clear-text traffic to pass through in source IP deployments. For IPsec deployments, the Odyssey Access Client creates a VPN tunnel between the user and the Junos OS Enforcer. The Junos OS Enforcer then applies the VPN policy, allowing the encrypted traffic to pass through.
- Redirecting all traffic—Specify this option if you want to redirect all traffic to the URL that you specify in a redirect URL.
- Redirecting traffic with multiple Infranet Controllers—You can configure multiple Infranet Controllers on your Junos OS Enforcer, but it is connected to only one Infranet Controller at any given time. If the connection to the Infranet Controller fails, the Junos OS Enforcer tries to connect to next configured Infranet Controller. As a result, you cannot be sure which Infranet Controller is connected to the Junos OS Enforcer at any given time. To ensure that the Junos OS Enforcer redirects traffic to the connected Infranet Controller configure the default redirect URL or the %ic-ip% option in the URL.
Related Topics
- Junos OS Feature Support Reference for SRX Series and J Series Devices
- Understanding UAC in a Junos OS Environment
- Understanding the Captive Portal on the Junos OS Enforcer
- Example: Creating a Captive Portal Policy on the Junos OS Enforcer (CLI)
- Understanding the Captive Portal Redirect URL Options
- Example: Configuring a Redirect URL for Captive Portal (CLI)
