Can XG Captive Portal Support ALl Mobile devices Android & IOS

Can you give us more insight on this request? 

sure can....usually Captive portal is https and first time user will have certification error and click add/ advance proceed page to continue to view the login page.

So we can download the SSL certificate from XG and import into Windows or Mac OS browser (Chrome,Firefox, IE, EDGE and etc) to avoid the certificate error.

So how about mobile devices? how to avoid the certification error. (assume this is public WiFi)

Why do you dont use any public signed certificate in the first place? 

Why do you dont use any public signed certificate in the first place? 

because the XG firewall is an internal site using a certificate from a private CA (no public certificates allowed on private IP addresses).

I have the same issue: laptops/desktops are fine with captive portal, either displaying error which can be added to exceptions, or installing certificate of private CA. But on mobile devices, I cannot override the certificate error (browser won't allow, neither Chrome nor Firefox on Android), and I cannot install the certificate in a way that the browser recognizes it. 

This happens when a firewall rule directly enforces authentication.

When a Web policy enforces authentication (as part of a firewall rule), the captive portal is shown fine. So it may have to do with how traffic is intercepted by Sophos XG (network vs. application layer) when redirecting to captive portal.

I wonder if anybody uses this feature with mobile devices so that there are so few answers to this. I strikes me as a very valid and frequent scenario ... So if you have made it work, please share.

Thanks.

Configure the captive portal to use a hostname rather than ip address, and then purchase a certificate for that hostname from a trusted CA.

https://community.sophos.com/kb/en-us/132058

More background info:

https://community.sophos.com/kb/en-us/132997