This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Endpoint Blocking Public WiFi Splash Pages

Apologies if I'm posting to the wrong group - my question is about Endpoint Advanced, managed by cloud-based Central Admin.

We’ve been having an ongoing problem with Sophos on laptops for people who travel.  A lot of free public wifi networks, like you’d find at a hotel, restaurant, or airport, at first can only connect to a splash page where one must accept disclaimers, before the network will let the device connect to the rest of the internet.  Without accepting the terms on the splash page, the internet cannot be accessed.  And it seems that with many of these wireless network splash pages, Sophos completely blocks the disclaimers/terms/conditions page, thus preventing any and all internet access. 

I’m looking for an easy way to loosen up the Sophos policy that is restricting access these splash pages, without punching too much of a hole in the general network security that Sophos provides.  Thanks!



This thread was automatically locked due to age.
Parents
  • Hi Burdett MacLean,

    Can you share the Sophos Block message details? Maybe a screenshot would help.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • One of our user had the same issue. Had to disabled the Sophos endpoint to enable the hotel Internet.

    I could not upload the screen shot because it is over the size limitation.

  • Hi Philip,

    Could you check if this  work around would work by adding IP/URL of the spash Page. to web protection exceptions. 

    If you did not know the Spash page URL , Disable Web Protection and the URL will be revealed on your Hotspot. 

    Could you let us know which Specific Product and Version was affected so we would investigate the issue. Kindly let us know the OS and Version on your machine.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • We experience this as well with our instance of Sophos Endpoint (Cloud)

    Issue: Splash login opens i.e. the Captive Network Assistant app and displays "A problem occurred. The webpage couldn't be loaded." 

    URL: Initially: http://captive.apple.com/hotspot-detect.html then redirects to nXX.network-auth.com

    OS: macOS 10.14 & 10.14.1 - High Sierra(10.13) and Sierra(10.12) are not effected nor are Windows 10 clients.

    Meraki wireless APs

    Backstory: This issue has been plaguing me for two weeks and the culprit was found yesterday after I temporarily moved all of the Sophos launch agents and daemons on a test client so they would't start. The issue went away immediately then returned after the Sophos plists were returned to those two directories. The splash login we have for this particular SSID doesn't allow http traffic through until signing in unless I add it to the walled garden list. While I've added the Sophos url's I know of to this list let me also point out that another SSID was created without blocking http traffic turned on and this issue still occurs.

    I've turned off everything I saw with a checkbox or switch in the base policies to no avail. If I could leave the endpoint client installed/enabled and simply exclude the computer from all policies I'd know if it was a policy setting and not the client itself, but .... doesn't appear as though you can. Someone correct me if I'm wrong.

     

    Until this issue is resolved I've halted deployment and or uninstalled Sophos on clients that have 10.14 and above.

Reply
  • We experience this as well with our instance of Sophos Endpoint (Cloud)

    Issue: Splash login opens i.e. the Captive Network Assistant app and displays "A problem occurred. The webpage couldn't be loaded." 

    URL: Initially: http://captive.apple.com/hotspot-detect.html then redirects to nXX.network-auth.com

    OS: macOS 10.14 & 10.14.1 - High Sierra(10.13) and Sierra(10.12) are not effected nor are Windows 10 clients.

    Meraki wireless APs

    Backstory: This issue has been plaguing me for two weeks and the culprit was found yesterday after I temporarily moved all of the Sophos launch agents and daemons on a test client so they would't start. The issue went away immediately then returned after the Sophos plists were returned to those two directories. The splash login we have for this particular SSID doesn't allow http traffic through until signing in unless I add it to the walled garden list. While I've added the Sophos url's I know of to this list let me also point out that another SSID was created without blocking http traffic turned on and this issue still occurs.

    I've turned off everything I saw with a checkbox or switch in the base policies to no avail. If I could leave the endpoint client installed/enabled and simply exclude the computer from all policies I'd know if it was a policy setting and not the client itself, but .... doesn't appear as though you can. Someone correct me if I'm wrong.

     

    Until this issue is resolved I've halted deployment and or uninstalled Sophos on clients that have 10.14 and above.

Children
No Data