Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 26 subscribers
  • Views 11446 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Captive Portal Not Redirecting on XG

BryonAdams

I've set up Captive Portal following the guide on Sophos' Youtube channel (https://www.youtube.com/watch?v=q0GwtPLS0nk) but when trying to navigate to a website I'm not prompted to log in, it just spins forever. I'm able to ping the gateway and my WAN port of the XG, and if I navigate to the captive portal page (192.168.1.1:8090) i can log in and then freely browse. I wasn't seeing traffic hit my firewall rule so I'm thinking I messed up a rule somewhere. I do get a lease from the DHCP pool on VLAN2 and I'm not able to talk to VLAN1 which is fine.

Setup for the network is:  Modem --- Sophos XG --- Meraki 8 port switch ---- Meraki AP

The switch has everything configured as a trunk port, the SSID is configured to use VLAN 2, and I have VLAN 2 configured on the XG as port 1.2 handing out DCHP 192.168.1 /24.

 

 

Thoughts as to why I'm not redirected to the login prompt?



This thread was automatically locked due to age.
  • +1

    BryonAdams,

    If you are running XG v16.05 captive portal. As changed its behavior.

    Read the page 9 carefully:

    community.sophos.com/.../Sophos-XG-Firewall-v16_5F00_05-RN_5F00_v3.3.pdf

    Regards

  • +1 in reply to lferrara

    Hi Luk,

    It looks like my setup is compliant with those changes. Thankfully the video is only a few weeks old and the settings Sophos recommended using followed along with the change log.

    You did help in that it made me take another look at the rules. I failed to remember the rules are processed top to bottom. It looks like the Captive Portal won't automatically try to redirect until I actually attempt to navigate to the page, doing a DNS lookup (which fails as I'm not authenticated yet) beforehand doesn't count. I moved the Guest WiFi DNS rule above the Guest WiFi rule and now it automatically prompts on my mobile phone with a "You need to log in" notification and I can navigate out. I tested on my laptop as well and it works, though Firefox doesn't like the certificate I'm using (default one, I have not uploaded a proper cert yet).