Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 28 subscribers
  • Views 10224 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Captive Portal failed when if a machine used by multiple users

tim toa

Recently I am testing the Captive Portal feature on Sophos XG Firewall (VM).

I have enabled Captive Portal on LAN interface which connected to a sigle Macbook that has multiple local profile for different users.

However I found out that when User A authenticated on Captive Portal then switch local account on Macbook. Surprisingly User B can re-use the authentication session of User A to browse the internet not even need to authenticate on Captive Portal. I suspect the reason because both local account on Macbook also receive the same IP address from DHCP in Sophos firewall.

Is there anyway to have both users authenticate separably even they are using the Macbook?



Edited Tags
[edited by: Erick Jan at 12:09 AM (GMT -7) on 16 Sep 2022]
Parents
  • +1
    Under Authentication \ Services.
    Redirect to a URL after login should be checked.
    URL to redirect is the User requested URL
    Preserve captive portal after login is Yes
    Use keep alive to maintain user session is Enabled.
     
    On the client, may sure you are not blocking pop-ups (or have exception that allows from XG)

    Browse somewhere.
    You should get a captive portal login.
    Log in.
    It should open up a new tab with your destination.
    You should now have a tab to Captive Portal saying you are logged in, plus another to do your browsing.
    You should be able to browse.
    Close the captive portal tab.
    Try to browse - you should now for forced to log in again.
    Basically, your login will only last as long as that tab is open and there is a keepalive to the XG.
     
    Now try with the Mac.
    Have the captive portal currently logged in tab open.
    Switch users.
    Try to browse using new user.
     
    AFAIK because the previous tab (in the background user) is not doing a keep-alive it should think there is no current user and Captive Portal should appear.
     
    Note: This is what happens in Windows.  I've not tested in Mac.
  • 0 in reply to Michael Dunn

    I've noticed that in v18 that closing the captive portal with these setting will still allow the user to browse.  Is this a know bug?

    The user is not forced to login again until the timeout. 

    Even after a reboot of the machine the User is still authenticated and other users are able to browser with the previous users profile.  

Reply
  • 0 in reply to Michael Dunn

    I've noticed that in v18 that closing the captive portal with these setting will still allow the user to browse.  Is this a know bug?

    The user is not forced to login again until the timeout. 

    Even after a reboot of the machine the User is still authenticated and other users are able to browser with the previous users profile.  

Children
  • 0 in reply to TexasRaptor

    TexasRaptor said:

    I've noticed that in v18 that closing the captive portal with these setting will still allow the user to browse.  Is this a know bug?

    The user is not forced to login again until the timeout. 

    Even after a reboot of the machine the User is still authenticated and other users are able to browser with the previous users profile. 

    In v18 we reorganized the configuration to make it clearer but the underlying functionality is the same.

     

    You can configure it many ways, one of which is the behavior you describe.  Other ways of configuring it have different behavior.  Not a bug if you configure it to do that.

    What is it that you want to achieve, and how do you have the options configured to do that (screenshots are helpful)