Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No internet access until we use captive portal mode

We have Sophos Central Endpoint Protection for macOS installed on 50+ laptops and a few computers a day lose internet. We try to turn wifi on/off, and different browsers and it doesn't work.

Oddly though if we launch Sophos Endpoint Self Help and disable the Captive Portal Mode then the internet works, for 5 minutes, until captive portal protection re-enables. Rebooting will make this go away for some time. 

Our WiFi does not have a captive portal, it is a simple WPA2 password. The vast majority of laptops are connected to the WiFi without issue.

1. Is there some setting to make this happen less often?

2. Can we relax browser protection with a set of trusted WiFis?

3. Can we set the Captive Portal Mode for a few hours?

Typical system info:

Operating System Version: macOS (13.3)
Proxy Configuration: No proxy configured in policy

Version: 10.4.7

Endpoint Advanced: Installed
Sophos Intercept X: Installed
Device Encryption: Installed

This thread was automatically locked due to age.
  • Hi Hamid,

    Thanks for reaching out to the Sophos Community Forum. 

    This is the first I am hearing of this sort of issue. Would it be possible for you to take a pcap while the issue is present? After a network disconnect occurs and you're able to replicate the issue, I suggest running the following command. 
    sudo /usr/sbin/tcpdump -vvv -n -s 0 -w ~/Desktop/`date "+%Y.%m.%d_%H-%M-%S"`.pcap

    Once you have generated the logs, please open a support case. Please also provide me with the case number via private message. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • I have the same problem. Seems to only happen to Intel macs. 

    Highly correlated with VPN users who disconnect/reconnect. 

    I think Sophos is mis-handling DNS, because it is also binding the wrong DNS routing sometimes as well. There's a bug here and it's been pulling-teeth to get someone's attention at Sophos without being stuck in Level 1 canned-response stasis. 

  • +1 to the Intel Macs. Of the ~10 machines that have had this issue most were Intel Macs.

    We aren't using VPNs but still have this issue.

    Also I reached out to support and sent over the tcdump as well as the Sophos Diagnostic Utility zip file from the Sophos Endpoint Self Help. Will keep you posted if that finds something new.

    And I do think it has something to do with browser internet and possibly DNS. When it happens I can keep talking on Zoom but my browsers all display no internet.