browser-challenge
—Select
this method if you want the client browser to respond to the first
authentication factor instead of having the user enter login credentials.
For this method, you must have configured Kerberos SSO in the authentication
profile or
NT
LAN Manager (NTLM) authentication in the Captive Portal settings.
If the browser challenge fails, the firewall falls back to the
web-form
method.