Captive portal and HTTPS requests

Hi,

I'm running an XG Firewall at home to test it for a bigger project. Now I have an issue with HTTPS requests which really drives me crazy!

I set up rules for users and clientless devices, and every other connection will be dropped. If a device wants to connect to a website with HTTP, the captive portal is displayed, and after the login the user gets redirected to the requested website. Works perfectly!

BUT if the user requests an httpS website, the captive portal is not displayed. An error message comes up telling me that the certificate is invalid.

What am I doing wrong?
Is there a way to get the captive portal displayed even if the requested website is https?

I just want the redirect to be an HTTP request.

Cheers,
Matthias



This thread was automatically locked due to age.
  • Hey Matthias,

    Were you able to solve this? I am on the latest version and still having the same problem. It is a public hotspot, so I cannot force guests to install anything, whether it is a cert or an agent. The HSTS is driving me crazy.

  • I'm writing my own solution.
    First, you buy the cheapest SSL certificate, a domain name-based one. For example, if your local domain name is example.com, get an SSL certificate for firewall.example.com (it has a price of 10 USD per year).

    Be sure to edit the firewall.example.com domain name on your DNS server.

    Enter firewall.example.com in the hostname field under Administration -> Admin Settings.

    Admin console and end-user interaction
    Check "Use the firewall's configured hostname: firewall.example.com".
    Certificates -> Add
    Install the commercial certificate you purchased (I will not explain in detail here).

    Type "firewall.example.com" in Common Name in the Certificate Authorities section, in Default.

    At the bottom of the Authentication section, "Captive portal uses HTTPS" must be enabled.

     

    I hope I didn't forget a point. At least it leads the way. You can also use the same certificate for HTTPS control in the web filter.

  • Just to be sure.

    This last sentence is actually not correct :) 

    "I hope I didn't forget a point. At least it leads the way. You can also use the same certificate for HTTPS control in the web filter."

    You can read more about this here: https://community.sophos.com/kb/en-us/132997
     
  • I didn't try my last sentence; I just thought it would
