Configuration of the Captive Portal
Last adaptation to the version: 12.2.0
Introduced with 12.2; documentation is based on v12.6.0

New:
  • No changes to the Server Settings are required any more
  • ACME wildcard certificates can be used for the landing page

Preliminary remark

The captive portal redirects an HTTP client in a network to a special web page (the so-called landing page) before the client can connect normally to the Internet. This way, users must accept the terms of use, and additional authentication can be configured.



Planning

The following aspects should be considered before configuration:

  • For which networks should the captive portal be configured?
    Will all potential users be reached exclusively?
  • How and by whom will the terms of use be written?
  • Should authentication take place?
  • Which internal web servers are not allowed to be reached from the network behind the captive portal?




Just a few preparations must be made to use the captive portal:

  1. A certificate must be available for the landing page
  2. Implicit and port filter rules must allow access

Since v12, changing the firewall name is no longer necessary.
The host name of the portal page is configured under Applications → Captive Portal, area General.


Generate local certificate

The landing page of the captive portal is an HTTPS website. A certificate is required for a browser to classify this page as trustworthy.

  • Under Authentication → Certificates, area CA, a CA must be created.
  • Under Authentication → Certificates, area Certificates, a server certificate must be created.
    A separate certificate should be created for the captive portal so that it can be revoked if necessary without affecting other connections or applications.


How to create a certificate on the UTM can be read here.
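
A check that can be run on the exported CA and server certificate before the certificate is assigned to the landing page (an added example, not part of the original documentation). The host name portal.example.test, the file names and the 7-day threshold are assumptions, and the throw-away CA built by make_sample stands in for the certificates created on the UTM:

```shell
#!/bin/sh
# Added example. portal.example.test, the file names and the 7-day
# threshold are assumptions; all certificates are constructed test data.

# make_sample DIR: throw-away CA plus a server certificate signed by it,
# standing in for the CA and server certificate created on the UTM.
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Portal CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=portal.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:portal.example.test\n' > "$d/ext.cnf"
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/ext.cnf" \
        -out "$d/srv.pem" 2>/dev/null
}

# check_portal_cert CA_PEM CERT_PEM HOSTNAME
# Prints OK or the first failed check; returns 0 only if all three pass.
check_portal_cert() {
    ca=$1; cert=$2; host=$3
    # 1. Chain: the server certificate must verify against the local CA
    #    that the clients are expected to trust.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL chain"; return 1; }
    # 2. Name: browsers compare the portal host name with the SAN entries.
    openssl x509 -in "$cert" -noout -checkhost "$host" |
        grep -q "does match" || { echo "FAIL hostname"; return 2; }
    # 3. Validity: reject a certificate that expires within 7 days.
    openssl x509 -in "$cert" -noout -checkend 604800 >/dev/null ||
        { echo "FAIL expiry"; return 3; }
    echo "OK"
}

# Demo run on constructed certificates.
demo=$(mktemp -d)
make_sample "$demo"
check_portal_cert "$demo/ca.pem" "$demo/srv.pem" portal.example.test
check_portal_cert "$demo/ca.pem" "$demo/srv.pem" wrong.example.test || true
rm -rf "$demo"
```

A "FAIL hostname" result means the host name configured for the portal page is not covered by the certificate, which is what produces a browser warning on the landing page.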

Captive Portal User

Captive Portal users must authenticate themselves and agree to the terms of use when they connect to an appropriately configured network. Only then is network access released, in accordance with the port filter rules.

Firewall users who are members of a group with the permission Userinterface Administrator enabled (Authentication → User, area Groups) can access the Captive Portal user management via the user interface (on port 443 by default).



Add user

Captive Portal users can be managed by:

  • Administrators
  • Users who are members of a group with the permission Userinterface Administrator.
    They reach the user administration via the user interface.

Dialogue: Add Captive Portal User

Caption | Value | Description
Login name: | user-DGS-6UM | Randomly generated login name. Login names cannot be changed after saving.
Password: | IH3-FF5-BSP-APZ-USC | Randomly generated password. The login name and password can be regenerated with the button. Once saved, passwords cannot be displayed again.
Expiry date: | yyyy-mm-dd hh:mm:ss | Limits the validity of the credentials.
- / + | | New as of v12.2.2: These buttons can be used to shorten (-) or extend (+) the expiry date by 24 hours from the current time.
Print and save | | Saves and closes the dialogue, creates an HTML page with the username and password and opens the print dialogue.

Saves the information and closes the dialogue.
  • The password can then no longer be displayed. However, a new password can be created at any time.
  • Closes the dialogue without saving changes.
