Authentication using Captive Portal

Content Gateway provides a Captive Portal option when adding an authentication rule. Captive Portal may be especially helpful in handling mobile and other personal devices brought in to your Forcepoint Web Security networks.

This feature:

  • Redirects users to a web portal page for authentication.
  • Supports captive, interactive (prompted) user authentication of IP addresses (users) that match the Captive Portal rule.
  • Can be used with LDAP, Legacy NTLM, and IWA; RADIUS is not supported.
  • Handles credential caching and expiration per the global configuration; cookie authentication and caching are also supported.

    Note that most applications on mobile devices do not share cookies. For those applications, IP-based identification will be required. See the Credential Cashing section of Global authentication options for more information.

    Also, for web applications that use Ajax, where Ajax is configured to prevent cookies, cookie-mode cannot support sites that include cross-origin requests (CORS) that rely on Ajax.

  • Allows the authentication form (web portal page) to be customized to suit your needs.
  • Supports only basic authentication.
  • Provides the option to display the authentication page using either HTTP or HTTPS.

When adding an authentication rule (see Creating an authentication rule), an option is provided. Navigate to Configure > Security > Access Control > Authentication Rules and click Enabled for HTTPS/HTTP Authentication page next to Captive Portal to select the feature. Users who match the rule are redirected to the web portal authentication page.

Note that when Content Gateway receives an unauthenticated POST request from a user who matches a Captive Portal rule, it redirects the user to the web portal authentication page and does not record the POST data. After successful authentication, the original POST data must be input again.

Note: If the requested URL is configured for tunneling or bypass, no user authentication is performed.

When a rule is added with the Captive Portal option enabled, users are reminded that they can customize the pre-defined web portal page. Go to the new Captive Portal Page Customization tab of Configure > Security > Access Control. Edit the text and HTML to suit your needs. For example, you may want to include your company logo in place of the default logo.