This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Add a subnet to lan zone

Hello,

I have a wifi AP hosting some networks, I would like to make them going un-natted to my XG firewall.

I wasn't able to find how to add subnets to zone LAN.

Static route is set, ping are fine. But when I try to route outgoing packets to WAN, there is a redirect to authentication page but the page never appears.

So I guess the firewall is not able to identify those subnets, and doesn't allows authentication.

What is the best way to solve this ?

Thanks for your help

This thread was automatically locked due to age.

Parents

0 FormerMember over 4 years ago

Hi Nicolas HORCHOWER

Thanks for reaching out, and welcome to the Sophos Community!

What is the firmware version on your firewall? Did you configure match known users and use web authentication for unknown users on LAN to WAN firewall rule?

Can you share the screenshot of that redirected authentication link?

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 Nicolas HORCHOWER over 4 years ago in reply to FormerMember

Hello Harsh,

Thanks for your reply.

I'm using SFOS 18.0.4 MR-4

Yes I've configured match known users + use web authentication for unknown users on Lan to Wan rule

When I try to open a URL like yahoo.de, it is redirected to a URL starting with my firewall name:
https://MY_FW:8091/ntlmauth.html?2yahoo.de/

I wasn't able to find something on the log

Best Regards
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Nicolas HORCHOWER over 4 years ago in reply to FormerMember

Hello Harsh,

Thanks for your reply.

I'm using SFOS 18.0.4 MR-4

Yes I've configured match known users + use web authentication for unknown users on Lan to Wan rule

When I try to open a URL like yahoo.de, it is redirected to a URL starting with my firewall name:
https://MY_FW:8091/ntlmauth.html?2yahoo.de/

I wasn't able to find something on the log

Best Regards
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 FormerMember over 4 years ago in reply to Nicolas HORCHOWER
Hi Nicolas HORCHOWER,

Did you configure LAN to WAN rule with DNS service on top of the user identity-based rule?

Check out the following KBA for more info:

Sophos Firewall: The Captive Portal does not display

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 Nicolas HORCHOWER over 4 years ago in reply to FormerMember

done, but it doesn't solve my issue.

my DNS is internal. I also tried to replace the firewall FQDN with its IP : same result.

I'm not able to reach the admin nor the user page on the FW.

I can ping it,

I'm not able to connect via ssh (with IP address or fqdn).

I see in log web traffic catched, but no feedback about the portal.

That's why I was trying to find a way to add my other subnets to the portal.

BTW, local lan traffic is fine, and if I masquerade my traffic it is ok too (but I can't let traffic masqueraded).

Any idea to get a better log of firewall local interface or service

Thanks
Cancel
Vote Up 0 Vote Down

Cancel