Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 14653 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Guest Wifi with captive portal?

Justin Rutledge

I am new to the Sophos XG Firewall, and I am trying to set up a guest wireless network on a separate vlan that only has internet access, AFTER the user logs into the captive portal.  I have the separate SSID set, and I can browse the internet.  I have the geust ssid working, and internet is browsable, but I am at a loss as to the captive portal part... can you help?



This thread was automatically locked due to age.
Parents
  • 0

    Justine,

    How is the captive portal configured?

    Is the match users enabled on the firewall rule matching the ssid networks?

    Also show the captive portal settings under system services > authentication.

    Thanks

  • 0 in reply to lferrara

    Hi luke,

     

    I think I missed a very critical piece of information here.  I am not using sophos access points.  I am using third party access points.  I have to assume that makes a big difference?

  • +1 in reply to Justin Rutledge

    Justin,

    Captive portal can be enabled globally or on single firewall rule.

    Share screenshots of your config, how the different networks are connected, default gateway, etc.

    Regards

  • 0 in reply to Justin Rutledge

    HI Justin , 

    On your Guest SSID is your traffic Tagged and forwarded to your XG LAN interface?

    Have you created a VLAN alias on LAN interface on your XG ?

    If the traffic is Tagged via the Guest User , make sure you create a LAN to WAN rule with the VLAN network as a Source Network and check on Match users. Make sure this rule is on the TOP position for priority. 

    Conduct a Packet capture and check the traffic which rule does the traffic traverses through. You may use the command  tcpdump  'host <host address of the Guest Machine > 

  • 0 in reply to Aditya Patel

    I was able to sort out what I was after.  My guest network is simply on it's own VLAN.  I created a new zone called guest_network, that is tied to this VLAN, and created a hotspot using that zone.  Now anyone who joins my guest wifi immediately gets presented with the captive portal page asking for a voucher code.  

     

Reply
  • 0 in reply to Aditya Patel

    I was able to sort out what I was after.  My guest network is simply on it's own VLAN.  I created a new zone called guest_network, that is tied to this VLAN, and created a hotspot using that zone.  Now anyone who joins my guest wifi immediately gets presented with the captive portal page asking for a voucher code.  

     

Children