Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 28 subscribers
  • Views 641 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Guest Network - XG port 8090 (IPS error messages) not accessible

Nathan_K

I have my network segmented and am using web filtering on our GUEST network to ensure that certain content is not accessible to visitors or my kids. I have Captive Portal enabled in Administration on my GUEST network, however; when a someone tries to reach a site deemed as WARN or BLOCK, they get an error message that the site is unavailable. It is attempting to access the site via the hostname, which resolves to the WAN IP when pinged. Any idea on how to fix this so that Captive Portal works properly?

Sophos XG 19.5 GA
High-Availability Enabled
Home License



This thread was automatically locked due to age.
Parents
  • 0

    This is mainly a DNS problem. How to you configure your name resolution?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to jprusch

    I have the DNS on that zone set to use OpenDNS servers, intentionally. I thought it might be a DNS issue, so I tried putting the internal IP into the machines "hosts" file, but that didn't seem to help either. I also tried setting up a NAT to redirect traffic from that zone headed toward the WAN IP to go to the internal IP on that zone, but that didn't work either, although; I may have had the NAT mis-configured. I saw it getting hits, but it wasn't going where I wanted.

    - Nathan Kodak

Reply
  • 0 in reply to jprusch

    I have the DNS on that zone set to use OpenDNS servers, intentionally. I thought it might be a DNS issue, so I tried putting the internal IP into the machines "hosts" file, but that didn't seem to help either. I also tried setting up a NAT to redirect traffic from that zone headed toward the WAN IP to go to the internal IP on that zone, but that didn't work either, although; I may have had the NAT mis-configured. I saw it getting hits, but it wasn't going where I wanted.

    - Nathan Kodak

Children
  • 0 in reply to Nathan_K

    Hi Nathan_K

    Please with the following : 

    From CLI check any drop packets

    console>dr  'host <websitename>

    console>tcpdump 'host <websitename>

    Please check the log Viewer logs ||  Web filter, application filter and IPS logs check the drops logs 

    Share the output 

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML