Alternative to captive webportal Palo Alto

The idiotic way to implement user identification when everything else fails.

You need:

GPO to push automaticly run powershell

A webserver, for example Apache

A syslog forwarder, for example rsyslog

And setup the Paloalto firewall as a User ID agent with syslog listener.

Plain and simple. Absolutely not secure, but until I bother with integrating user certificates as authentication for the requests this will do.

Powershell which runs every hour or minute on the clients

The webserver, a simple apache server hosted on an ubuntu box without any content

Install rsyslog if not installed

put the following in /etc/rsyslog.d/02-apache2.conf

Validate the config:

systemctl restart rsyslogd

On the paloalto, enable user-id syslog on the interface and lock the permitted address to the webserver sending the syslogs

add the uid profile to the interface:

Add the following syslog parser:

Setup the server monitor:

and the syslog parser profile.

And you’re good to go. Not secure, but it works as a simple solution

Trip to Bølgekraftverket

Took a sponatious trip to Bølgekraftverket located in Toft, Rong. https://www.google.com/maps/place/B%C3%B8lgekraftverket/@60.4699557,4.9247579,15z/data=!4m2!3m1!1s0x0:0x9092354b5b6cc1c0?sa=X&ved=2ahUKEwiG3YrHms_xAhXql4sKHTVsDIYQ_BIwGHoECEAQBQ

Took a few photos. Fun to take photos again.