Captive Portal NTLM Authentication IPv6

NTLM is just sooo ...  Use other kind of authentication... Nevermind, i am not quite the fan of NTLM :)

So lets check this. Could be some kind of issue with the Client. Did you already perform a Tcpdump on XG? 

https://community.sophos.com/products/community-chat/f/knowledge-base-article-suggestions/105811/how-to-tcpdump-on-xg

The Captive Portal is just a fallback authentication, in case NTLM fails. 

The Wireshark dump file should show the NTLM Authentication. https://en.wikipedia.org/wiki/NT_LAN_Manager

Hi,

thanks for the reply.
We disabled IPv6 random address to identify the source host.
After we have done the following dumps:

IPv4 (x.x.x.x replaced by the real IPv4 address
tcpdump -s0 'host x.x.x.x' -b -w /tmp/data/tcpdump1.pcap

IPv6
tcpdump -s0 'host x:x:x:x:38e2:850f:5bb0:588' -b -w /tmp/data/tcpdump3.pcap

We search in Wireshark with filter http and find the following fpr IPv4

So everything works and seems correct

For IPv6 we can not see any NTLM 

NTLM does not support IPv6 in V17.5. 

At this point, i thought, you mean by opening any site, which supports IPv6, NTLM did not work at all. But you are working with IPv6 adresses in your network. 

Michael Dunn Correct me, if i am wrong. 

Thanks for the fast reply.

i don't understand why Sophos XG is missing so much features in the IPv6 environment.
No FQDN objects, no WAF for IPv6, no PPPoE support for PD IPv6 and now no ntlm support.

IPv6 is not new an we have a growing number of customers using IPv6.
Other vendors have full IPv6 support since years.
So i do not understand "the next generation thing"

Thanks for the fast reply.

i don't understand why Sophos XG is missing so much features in the IPv6 environment.
No FQDN objects, no WAF for IPv6, no PPPoE support for PD IPv6 and now no ntlm support.

IPv6 is not new an we have a growing number of customers using IPv6.
Other vendors have full IPv6 support since years.
So i do not understand "the next generation thing"