Hi,
We recently upgraded from Cyberoam to XG and can't quite get Chromebooks working using Captive Portal.
Currently XG has these rules:
Rule name: Chromebook
Action: Accept
Source: LAN, LAN
Destination: WAN, Google API Hosts, Google Chrome Web Store
Services: HTTPS
Match known users: No
Web filtering: None
Both with and without this rule, the Chromebooks boot up and return 'Network not available'
I found that I have to add 'Localhost' (XG IP address) to Destination networks and Port 3128 to Services to fix that, but this then allows full unfiltered web access to every site because Captive Portal is bypassed, so I have to change Web filtering to our policy, which we have group-based blocks and an 'Anybody' one. The Captive Portal is only shown when a block page is reached from the 'Anybody' rule in the Web policy. This is a school and have groups for Admin, Teachers, Student and for example Online shopping is blocked for Student. On a Chromebook, they can access Online shopping
Our main Web Access rule is after the Chromebook rule above, and is configured like this:
Rule name: General Web Access
Action: Accept
Source: LAN, LAN
Destination: WAN, Any
Services: HTTP and HTTPS
Match known users: Yes, Any
Use web authentication for unknown users: Yes
What I would like to happen is Chromebooks to always show the Captive Portal whether it's a block page or not, and indeed actually get it to show the Captive Portal instead of just a link to the it?
This should be 'Show captive portal' instead of 'Show captive portal link':
We don't currently have G-Suite SSO setup with AD (we're both on-prem AD and Azure AD). But we do have the Sophos User ID app in G-Suite and force-installed on devices.
Thanks so much 
This thread was automatically locked due to age.
