Lab 6: Captive Portal Authentication¶
In this lab exercise, you will a captive portal to authenticate client connecting to the Internet through the SWG transparent proxy.
Estimated completion time: 25 minutes
Objectives:
- Configure SWG with a Captive Portal to facilitate client authentication
- Test web browsing behavior
Lab Requirements:
- Lab 5 previously completed successfully (working SWG transparent proxy deployment)
Task 1 – Create a new Access Policy¶
Use Firefox to access the BIG-IP GUI (https://10.1.1.10, admin/admin)
Browse to Access >> Profiles / Policies >> Access Profiles (Per-Session Policies) and click Create…
Name the profile AP_Transparent_Captive_Portal
Change the Profile Type to SWG-Transparent
Change Captive Portals to Enabled
Set Primary Authentication URI to https://captive.f5demo.com
Add English to Accepted Languages
Accept all other default settings and click Finished
Click on the Edit… link for the appropriate Access Policy created above
On the VPE browser tab, select the + and Add a Message Box object (from the General Purpose tab)
For the Message, enter: Welcome to F5 Agility Guest Wifi Access. Please click the link to accept our terms and access the internet.
For the Link enter Go
Click Save
Select the + after the message box and Add a Logon Page object.
Configure the Logon Page as shown below:
Click Save
Click on the Deny ending and change it to Allow
Click Apply Access Policy
Task 2 – Reconfigure SWG iApp to enable Transparent Capture Portal¶
- Browse to iApps >> Application Services > Applications
- Click on SWG
- Click Reconfigure
- Find the section Which SWG-Transparent Access Policy do you want to use?
- Select AP_Transparent_Captive_Portal
- Change Configure the transparent proxy to relay to a Captive Portal to Yes, relay to a captive portal
- Set the Captive Portal Configuration as follows:
- IP Address: 10.1.20.201
- Port: 443
- SSL Certificate: captive.f5demo.com
- SSL Key: captive.f5demo.com
- Browse to the bottom and click Finished
Task 3 – Testing¶
- Open Internet Explorer on your Jump Host client machine
- Ensure Internet Explorer options are configured to NOT use an explicit proxy
- Browse to https://www.nhl.com
- You should be redirected to the capture portal page, prompted to accept the policy by clicking Go, then prompted to provide your email address before being allowed through.