This discussion has been locked.

Captive portal not showing up. Unable to access internet. Where am I going wrong?

Hi to all,

 

I have finished the setup of my Sophos XG 105w. I have also set up the policies, I think. Please see attached photos of the network diagram and screenshots of the firewall.

 

The problem is when I disable the rule "#Default_Network_Policy". It should redirect all my users to the captive portal, right? But when I disable it, the internet is disconnected and no users are seeing the captive portal page.

 

Please help and let me know if you need any other screenshots. Thanks in advance.



This thread was automatically locked due to age.
  • Are Firewall Rules 7/9 Zone based? Is any Interface attached to this Zone?

  • Hi Lucar, thanks.

    To answer your first question, yes rules 7 and 9 are zone based. I created a separate zone for staff internet and management internet access since that was what was recommended. Please see attached screenshot.

    For your 2nd question: I don't think any interface is attached to the zone. I needed help with this since the official Sophos video is doing bridging, which is not possible on my device, I think (not sure if that is required). In the example, they were using a device which had more ports. I attach another screenshot showing our bridge pair. So the switch is connected to Port 1. Ports 2 and 4 are configured as WAN (we have 2 broadband providers providing us internet) and are load balanced. We need authentication rules to apply (and the captive page to appear) to people connecting to the AP, the Sophos internal wifi SSIDs and of course the LAN users (Port 1).

    Edit: I am referring to this video https://www.youtube.com/watch?v=YaX5PdtyDS4 though I am a little confused about what needs to be done in our scenario.

     

  • Anyone? Please help. Should I be creating VLANs for my scenario? :(

  • First of all,

    XG uses Source / Destination IP and Service to pick a Firewall Rule.

    You can replace the Source IP with a User Name (because XG maps an IP to a Live User).

    A Zone needs an Interface. Therefore, without an Interface, the Firewall Rule will not match at all regardless of the other configuration.

    User Authentication will simply replace the need of using IP Ranges in the zone concept. 

     

    So basically you can run something like LAN to WAN Zone and use Authentication on this zone to specify the "allowed" users. 
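
A simplified model of the matching logic described in the reply above, as an added example that is not part of the thread and not Sophos code. The topology, IP addresses, user name and rule names are constructed, and the service field is left out to keep the model small.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed topology loosely following the thread: Port1 is the LAN,
# Port2 and Port4 are WAN. The "StaffToInternet" zone has no interface.
ZONE_INTERFACES = {
    "LAN": {"Port1"},
    "WAN": {"Port2", "Port4"},
    "StaffToInternet": set(),
}
# Constructed live-user table: source IP -> authenticated user.
LIVE_USERS = {"192.168.1.20": "alice"}

@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    match_known_users: bool = False
    allowed_users: frozenset = frozenset()

def zone_of(interface: str) -> Optional[str]:
    """A packet belongs to the zone its interface is bound to."""
    for zone, ports in ZONE_INTERFACES.items():
        if interface in ports:
            return zone
    return None

def match_rule(rules, in_if: str, out_if: str, src_ip: str) -> str:
    """First-match evaluation; returns the rule name or 'default-drop'."""
    src_zone, dst_zone = zone_of(in_if), zone_of(out_if)
    user = LIVE_USERS.get(src_ip)  # None when the IP has no live user
    for r in rules:
        if (r.src_zone, r.dst_zone) != (src_zone, dst_zone):
            continue  # a zone with no interface never equals src_zone
        if r.match_known_users and user not in r.allowed_users:
            continue  # unauthenticated or non-permitted user
        return r.name
    return "default-drop"

# Rule bound to the interface-less zone vs. the same rule on the LAN zone.
ZONE_ONLY = [Rule("staff-internet", "StaffToInternet", "WAN", True,
                  frozenset({"alice"}))]
LAN_AUTH = [Rule("lan-auth", "LAN", "WAN", True, frozenset({"alice"}))]
```

With `ZONE_ONLY`, even the authenticated host on Port1 falls through to the default drop, which is the symptom described in the original post; with `LAN_AUTH` the same host matches.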

  • Thanks for the response.

    Yes, I believe I have created the usernames for all the employees of the company. Please see attached screenshot.

    I understand I need to link zones to interfaces. However, I am not sure how to link 2 zones (StafftoInternet and Management) to a single interface (in my scenario I only have a single unbound interface available, i.e. port 3).

    Maybe I just check "Match known users" in the default network policy rule and see what happens? Since that zone is already linked to the Port 1 LAN interface?

  • I guess you should talk to your Partner to get a proper configuration up and running.

    By the way, those are too many users for an XG105.

  • Ahh. The experts I spoke to were recommending a lower end version in fact. :(

     

    Thanks for the help