
DNS not resolve while using captive portal

Hello Sophos XG community,


This is my first post in the XG community. I had been using a Sophos ASG220 firewall for the last 7 years, but recently I switched to a Sophos XG firewall, and after switching to XG, issues arose.

Currently I have an XG210 firewall with the configuration below:

1. We have configured more than 25 VLANs

2. We have configured more than 100 users

3. All users access the Internet via the Captive Portal or the Client Authentication Agent

4. The MACs of admin users' and super users' machines are bypassed for Internet, so they can access the Internet without the Captive Portal


Problem:

If we use the Internet without the Captive Portal or Client Authentication Agent, then Internet surfing (Internet speed) works fine as configured, but if we use the Internet with the Captive Portal or Client Authentication Agent, then the Internet speed is too slow and it takes too much time to open a single website.


What we have observed:

- If we use the Internet without the Captive Portal (meaning my network has no need to authenticate, or my machine's MAC is bypassed from authentication) and try to ping the global DNS (8.8.8.8), then the response time is 15ms to 20ms.

- If we use the Internet with the Captive Portal and try to ping the global DNS (8.8.8.8), then the response time is more than 1500ms and varies up to 3000ms. I thought that because of this I suffer problems while surfing the Internet.


Does anyone have any idea how to resolve this issue? My whole network and all users have been suffering because of this issue for the last 20 days. Suggestions are appreciated.

  • Amrish,

    can you share the captive portal configuration?

    Can you show the rule where the captive portal is configured?

    Are you using internal DNS on your computer or external DNS?

    What version of XG Firmware are you running?

    Thanks

  • Hi,

    MAC binding is not supported with either Captive Portal or agent authentication. You can check #4 in the guide here to verify whether any dropped or error packets are captured on the interface.

    Thanks

  • Hello lferrara,

    Thanks for replying.

    My replies are inline below.

    lferrara said:

    Amrish,

    can you share the captive portal configuration?

    Reply: Captive Portal config page is attached with this thread.


    Can you show the rule where the captive portal is configured?

    Reply: My configuration is as below:

    - Source Zone: LAN, VLAN

    - Source Network: VLAN ID

    - Scheduled Time: All the time

    - Destination Zones: WAN

    - Destination Network: Any

    - Services: Any

    - Identity: Match known users

    - User and Group: group of users that can access the Internet within that VLAN

    - Intrusion Prevention: LAN to WAN

    - Traffic Shaping Policy: Users policy applied

    (Image also attached with this thread)

    [Additional thing to share: we have used the same rules for the super users with MAC address binding for Internet. The only change is that the source network is 'super users' machine MAC address' and the Identity for User and Group is disabled to bypass the captive portal]

    Are you using internal DNS on your computer or external DNS?

    Reply: We are using the DNS provided by our WAN ISP, and we are also using global DNS. All VLANs have DHCP enabled, so any machine that connects within a VLAN automatically gets an IP from the DHCP pool. We are using the device DNS for that. (Image attached with this thread)

    What version of XG Firmware are you running?

    Reply: We have the latest XG firmware update, which is SFOS 16.05.3 MR-3

    Thanks


  • Hello Sachin,

    Thanks for the response.

    As you said, that is right, and that is why we have two rules: one for the captive portal users and the other with MAC address binding for super users. Also, we have checked that packets are dropped or errored only when we are using the captive portal. If I bypass the MAC address for the same machine, then Internet browsing works well and packets are not even dropped.

    That is why I am finally confused and doubt the captive portal. Hope you get my point.

  • Additional snap attached for Captive Portal setting

  • Amrish,

    if you are using external DNS, make sure to create a top rule that allows the DNS service to all LAN resources.

    Regards

  • Hello lferrara,

    Yes, I know about that DNS rule and its priority level. That is why, from the first day, I have set that DNS rule on top of all the firewall rules.

  • Amrish,

    try this:

    On a computer that needs to be authenticated, set the XG LAN interface as the DNS server and see if name resolution is still slow. If it works, try changing the public DNS (I always advise using an internal DNS server or the XG) or open a ticket with Support.

    Regards
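The test suggested above (resolving through the XG LAN interface versus the public DNS and comparing the latency) can be scripted from the affected client. This is an added example, not code from the thread or from Sophos: it builds raw RFC 1035 A queries over UDP, times each resolver, and reports median/max/lost per resolver. The XG LAN address 192.0.2.1 and the query name example.com are placeholders, and the dictionary of resolvers is constructed here.

```python
import random
import socket
import statistics
import struct
import time

# Resolvers to compare (constructed): 8.8.8.8 from the thread; the XG LAN IP is a placeholder.
RESOLVERS = {"public 8.8.8.8": "8.8.8.8", "XG LAN interface": "192.0.2.1"}

def build_query(name, txid=None):
    """Build a minimal RFC 1035 A-record query; returns (txid, packet bytes)."""
    txid = random.randint(0, 0xFFFF) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split(".")) + b"\x00"
    return txid, header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(txid, data):
    """Check that `data` answers our query; return (rcode, answer_count)."""
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")  # not an answer to our query
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return flags & 0x000F, an

def time_query(server, name, timeout=2.0):
    """Send one UDP query; return the round trip in ms, or None on timeout or a non-zero rcode."""
    txid, pkt = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t0 = time.monotonic()
        s.sendto(pkt, (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    rtt = (time.monotonic() - t0) * 1000.0
    rcode, _ = parse_response(txid, data)
    return rtt if rcode == 0 else None  # SERVFAIL/NXDOMAIN count as failures

def summarize(samples):
    """Reduce a list of RTTs (None = lost) to (median_ms, max_ms, lost_count)."""
    ok = [r for r in samples if r is not None]
    if not ok:
        return None, None, len(samples)
    return statistics.median(ok), max(ok), len(samples) - len(ok)

def compare(resolvers, name="example.com", rounds=5):
    """Probe each resolver `rounds` times; returns {label: summarize(...)}."""
    return {label: summarize([time_query(ip, name) for _ in range(rounds)])
            for label, ip in resolvers.items()}
```

Run `compare(RESOLVERS)` once from a machine behind the captive portal and once from a MAC-bypassed machine; a median that jumps only for the authenticated client points at the path the portal inserts, while a jump on both points at the resolver or WAN line.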

  • Hi Amrish, 

    Could you verify the number of simultaneous users in your network? Our recommendation for your model is between 60 and 80, as you are using FullGuard protection (Web/Application/IPS/Email).

    Also, check the traffic through the WAN interface; it would seem you have 2 lines and both speeds seem different. Check with both ISPs whether there is a deviation in the speed. If the result is the same, then check the memory and CPU usage for any abnormality.

    I would also recommend removing the IPS policy to test the performance as well.

    Hello lferrara,

    Tried, but without success.

    One thing I could not understand: if I use the Internet without the Captive Portal (meaning the MAC address is bypassed, or the VLAN network is not required to authenticate), even on the same machine, same VLAN and same IP address, then Internet browsing works very well, but the same machine using the Internet with the Captive Portal has trouble browsing the Internet.

    Really strange!! :(