Endpoint Blocking Public WiFi Splash Pages

Question

Apologies if I'm posting to the wrong group - my question is about Endpoint Advanced, managed by cloud-based Central Admin. We&rsquo;ve been having an ongoing problem with Sophos on laptops for people who travel. A lot of free public wifi networks, like you&rsquo;d find at a hotel, restaurant, or airport, at first can only connect to a splash page where one must accept disclaimers, before the network will let the device connect to the rest of the internet. Without accepting the terms on the splash page, the internet cannot be accessed. And it seems that with many of these wireless network splash pages, Sophos completely blocks the disclaimers/terms/conditions page, thus preventing any and all internet access. 
 I&rsquo;m looking for an easy way to loosen up the Sophos policy that is restricting access these splash pages, without punching too much of a hole in the general network security that Sophos provides. Thanks!

Philip Zhou · Answer

Finally I figured out the walk around and successfully tested it on different Mac and public wifi: 
 
 When the error message come up, you need close that window and open a new browser. 
 Type in this link: http://captive.apple.com/hotspot-detect.html 
 The splash page will show up and you can get the Mac connected with wifi. 
 You can ask your users keep this link as a bookmark. But please remind them they have to close the windows which show the error message. Otherwise it doesn't work. 
 
 Hope Sophos can work with Apple to figure out a permanent fix soon.

Aditya Patel · Answer

Hi Philip, 
 Could you check if this work around would work by adding IP/URL of the spash Page. to web protection exceptions. 
 If you did not know the Spash page URL , Disable Web Protection and the URL will be revealed on your Hotspot. 
 Could you let us know which Specific Product and Version was affected so we would investigate the issue. Kindly let us know the OS and Version on your machine.

Aditya Patel · Answer

Hi Philip , Workaround. *Option 1*. Ask the client to use an https website e.g. https://Google.com on another Browser besides Safari and there should be a security Error which is normal as the client machine does not have that certificate .Make sure the Safari page is closed before attempting on another browser as the Server/Router will expect the same connection and by doing so with another browser a new connection request is sent. *Option 2*. If the URL hostspot URL is known , ask to try to connect using a Mobile device and check URL/IPaddress of the first page it pops up and add that to Web Protection Exclusions. Only the Domain/IP would suffice as that would only be considered for an exclusion to take Place. *Option 3*. If the path is Unknown ask the customer to run the command in terminal -> *sudo tcpdump -vv | grep href* and when the splash page fails to load close the tab and check the output on the terminal . It will give the redirect URL which should be added in Web Exception in this case 10.255.0.1 or domain only. *KIndly Note* , Any web exceptions will only work if the system is connected to the internet . If You have only safari , copy the link from the output in the terminal and run the command *open * and it will open in Safari. in this example use command-> *open 10.255.0.1:4501/index.cgi* to make it simpler run the command *sudo tcpdump -vv | grep href* first exit the dump using ctrl +c and type *open * ENTER or use the same URL in the Safari Browser directly. *Option 4:* Open Terminal run the command > *open http://google.com* and captive portal will show on Safari .

Aditya Patel · Answer

Hi Steven , 
 
 This issue is related to the 10.14 , this issue is not affected on 10.12 or 10.13. We have cases which is open and still under investigation. We will let you know if we have an ETA.

Philip Zhou · Answer

The issue got fixed by Sophos latest update: 9.8.3. If you still have that problem, you can open a support case and ask them to push that update to you.