
Captive portal authentication rules not working

Previously, before I updated our firewall to SFOS 17.5.0 GA, users always had to log in via the Authentication Agent or the Captive portal in their browsers before they could access the internet. But of late, this is not working. I have seen this on quite a number of devices: once they join our organisation network, either through Wi-Fi or LAN, they are automatically connected to the internet without logging in to the firewall.

I would like to know what could have happened. Did the update alter my firewall rules, or could there be something I am not doing right? One thing for sure: I have not amended my firewall rules in the longest time, and they had been working until I updated our firewall to this firmware build (SFOS 17.5.0 GA). Any assistance is highly appreciated.



  • We have not changed anything in 17.5, most likely something on the firewall rule configuration changed.

    Go to Log Viewer, Web Filter.

    Do you see entries that do not have a user that should have been authenticated?

    Click on the icon to switch to detailed view.  You'll have to select Web Filter again.

    Find an entry with user="" and then look at the fw_rule_id="5"

    Go look at your firewall rules.  Is rule 5 (for example) the rule you think the web traffic should be going through?  Does that rule have the correct authentication configured on it?

  • Unfortunately, the Web Filter has no records found. Any more suggestions? I could give you remote access, maybe, so that you can help me take a look at my rules.

  • That means you have a firewall rule somewhere that is handling http/https traffic and not sending it through the proxy.  This can happen with Service = Any or Service = TCP.

    Open log viewer (top right) and switch to policy tester.  Use it to test your firewall rules and find out which rule it is hitting.

  • Hey there, I have tested some rules and this is what I get with an unauthenticated user:

    Test time            08:22:43 Thursday
    Destination        https://google.com
    Destination IP    216.58.223.46, port 443, TCP
    User                  User unauthenticated
    Result               Allowed
     
     
    So, what next, since I don't remember amending any of these rules at any point previously?
  • Authentication is controlled by the firewall so you must be using "Test Firewall Policy".

    It will look like

     

    So you see the firewall rule is "aaa" and is id 5.

    Now go to your firewall rules and look at that rule.

     

    See in this case it is a rule applying to "Any" Service.  Which means this rule is a pretty wide open rule allowing almost anything through the firewall.  You can see that the green "Web" means that there is the web proxy running on it.  Going into it, take a look if "Match known users" is set.

    Usually the problem is that a rule has been created, enabled, or moved so that the rule you intend to use is not the rule that is actually being used.

       

  • Thank you very much, this helped me. I got the culprit firewall rule that was giving me a headache. I now have everything back to normal.
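
The log check suggested in the first reply (find Web Filter entries with user="" and read their fw_rule_id) can be run over an exported log, shown here as an added example that is not part of the original thread or Sophos tooling. The sample lines are constructed, and the one-entry-per-line key="value" layout and the src_ip and url field names are assumptions; only user and fw_rule_id come from the thread.

```python
import re
from collections import defaultdict

# key="value" pairs; the value may be empty, as in user=""
PAIR = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample lines, not real firewall output. Assumed layout:
# one entry per line, key="value" fields; src_ip and url are assumed names.
SAMPLE_LOG = '''\
fw_rule_id="2" user="jdoe" src_ip="10.0.0.21" url="https://example.com/"
fw_rule_id="5" user="" src_ip="10.0.0.37" url="https://example.org/"
fw_rule_id="5" user="" src_ip="10.0.0.52" url="https://example.net/"
fw_rule_id="5" user="" src_ip="10.0.0.37" url="https://example.com/a"
fw_rule_id="2" user="asmith" src_ip="10.0.0.8" url="https://example.org/b"
truncated line without the fields
'''


def unauthenticated_by_rule(log_text):
    """Map fw_rule_id -> hit count and source IPs for entries with user=""."""
    hits = defaultdict(lambda: {"hits": 0, "sources": set()})
    for line in log_text.splitlines():
        fields = dict(PAIR.findall(line))
        # Skip damaged or unrelated lines that lack either field.
        if "user" not in fields or "fw_rule_id" not in fields:
            continue
        if fields["user"] != "":
            continue  # authenticated traffic is not what we are hunting
        entry = hits[fields["fw_rule_id"]]
        entry["hits"] += 1
        if fields.get("src_ip"):
            entry["sources"].add(fields["src_ip"])
    return {rid: {"hits": e["hits"], "sources": sorted(e["sources"])}
            for rid, e in hits.items()}


def rules_to_review(log_text):
    """Rule ids ordered by unauthenticated hit count, highest first."""
    summary = unauthenticated_by_rule(log_text)
    return sorted(summary, key=lambda rid: (-summary[rid]["hits"], rid))


if __name__ == "__main__":
    summary = unauthenticated_by_rule(SAMPLE_LOG)
    for rid in rules_to_review(SAMPLE_LOG):
        print(f"rule {rid}: {summary[rid]['hits']} unauthenticated hits "
              f"from {', '.join(summary[rid]['sources'])}")
```

The rule ids it reports are the ones to open in the firewall rule list and check for position, Service scope and "Match known users".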
