Authentication Portal Exclusion for Predefined Domains
Configure an Authentication Portal Exclude List to exempt
domains for application background traffic from authentication.
You can now quickly exclude domains that applications
use for background traffic (for example, to update the application)
from requiring authentication by including an Authentication Portal
Exclude List in your authentication policy. This external dynamic
list (EDL) ensures frictionless
application upkeep by allowing the firewall to exclude the domains in
the list from Authentication Portal authentication so that users
don’t need to log in with their credentials to update approved applications.
After you configure the Authentication Portal Exclude List, you
can use it to enforce an authentication policy that
excludes these trusted domains from requiring authentication.
Alto Networks maintains and adds new domains to this EDL through
content updates so that you don’t need to manually discover and
allow these domains to your allow list. To require authentication
for application background traffic, you can customize the entries
in the Authentication Portal Exclude List.
Add the Authentication Portal Exclude List.
External Dynamic Lists
a new external dynamic
for the list.
Predefined URL List
) Enter a
) Customize the list by configuring
which domains require authentication.
When you remove one of the
, the firewall requires authentication to
access that domain.
List Entries and Exceptions
To filter the entries, enter text in the filter and select
To remove an entry from the default list and require
Authentication Portal authentication before the firewall allows
traffic to that domain, select the entry then click the Move button
to move it to the
To include an entry in the
is not in the default list,
To delete an entry from the
select it and
to confirm the configuration
Create or edit an authentication policy rule to exempt
the domains in the Authentication Portal Exclude List from authentication.
select the list you created in Step 1 as the
the rule to the top so
that it is the first rule in the policy.
Verify that the Authentication Portal Exclude List successfully
exempts the specified domains from Authentication policy.
Go to a domain that is included in the list
and confirm that the firewall does not require authentication before
it allows access.
Use the following CLI command to view the number of
entries in the list:
request system external-list show type predefined-url name
the name of the Authentication Portal Exclude List.