When a user initiates web traffic (HTTP or HTTPS) that
matches an
Authentication Policy rule,
the firewall prompts the user to authenticate through Captive Portal.
This ensures that you know exactly who is accessing your most sensitive
applications and data. Based on user information collected during
authentication, the firewall creates a new IP address-to-username
mapping or updates the existing mapping for that user. This method
of user mapping is useful in environments where the firewall cannot
learn mappings through other methods such as monitoring servers.
For example, you might have users who are not logged in to your
monitored domain servers, such as users on Linux clients.