Hotspot login page not accessible


so hopefully someone is able to help me out. I'm using an XG SFOS 18.0.0 GA-Build354 (Home Edition) on SG210 hardware with an AP15 access point.
The Problem is, that if I connect a device, (tested with Mac OS 10.14.6 / Windows 10 1909 / iOS 13.4.1) I'm not able to access the portal (https://<firewall_ip>:4501) where I can
enter the voucher code. I used the settings below.

I already checked the forum but nothing that I had found resolved my problem.

Setup: Sophos SG 210 -> HP 2510g switch -> Sophos AP15

1. Wireless configuration:

2. Hotspot configuration

3. AP Group

4. Wireless settings

5. Firewall rule

6. ACL

7. Physical Interface which is connected to the switch

8. Wireless Interface

9. Hotspot settings

  • In reply to Keyur:

    Hello Keyur,

    thanks for your answer! I know the KB article, I used it to setup the hotspot. However, I want to mention that I dont have a "Services" tab on the "Diagnostics" page.

    For the other 2 links, do I need Sophos Central to use a hotspot (I want to use it anyway, I'm just curious)?

  • In reply to Kevin Reinicke:


    I have shared those links if you are using Sophos Central, if not, we can configure the same on the XG firewall as well.

    Is the access point is showing in your XG firewall?

    Could you please share the screenshot for Service Tab issue?

  • In reply to Keyur:

    Hay Keyur,

    right now I dont use Central. The AP works perfectly fine for the home network (without hotspot), only the guest network with the hotspot authentication makes problems.

    Shure, here you have the screenshot of the Diagnostics page, and there is no Sevices tab.

  • In reply to Kevin Reinicke:

    Hello Kevin,

    Can you enable Wireless Protection on the Wifi Zone, and see if it makes any difference.

    I will try to replicate your configuration if the above doesn't fix the problem and get back to you, please give me 48hrs. 

    I think it might be an issue with the VLAN and how it is communicating, is it possible for you to connect the AP directly to the XG and run your same configuration.


  • In reply to emmosophos:


    Imagine the inconvenience when you are away from home. You have a conference to prepare for but can’t connect to a hotel Wi-Fi because the captive portal refuses to appear in the browser of your Windows 10 device.

  • Hello Kevin,

    I was re-reading your post and I think there was a misunderstanding on what you are trying to do here. I think I ran in the same issue while trying to replicate this.

    So basically the Hotspot is for the Guests to connect to your network and the Administrative User are the ones who can generate and create the Voucher which will contain the code for the Guest users to use. Those are created in the User Portal so the Admin of the Firewall doesn't need to administer this task and can be easily delegated to a user.

    So, in this case, I think what you are doing is you are connecting to your guest network, and then trying to access the User Portal to get the Code for the Hotspot. However, this is not the way.

    In your case when using Vouchers

    1) The "Administrative User" has to access the User Portal not using the Guest Network

    2) One the Administrative User has connected to the User Portal, you will see a new tab called HotSpots

    3) Select the hotspot, Hotspot voucher definition and then click on Create Vouchers

    4) You will see the Code which is the one the Guest user would need to enter once he connects to the Guest SSID

    5) For convenience, you can Print the voucher via PDF

    6 ) Once the Guest user connects to the hotspot, he/she should get prompted to access the code in the PDF.

    Let me know if this works for you! 



  • In reply to emmosophos:

    Hello emmosophos,

    I already turned on the wireless protection on the Wfi zone and it doesn't change anything.
    I can try to connect the ap directly to the XG, but I need some time because me USV died last night so I have to rewire the network closet.

    No, your second post is not what I meant, the problem is step 6.
    I already created a voucher on a wired PC. Than connectet a wireless Guest (see devices I listed in the first post) but the they doen't get promted to enter the voucher code.
    The conncted guest user is not able to reach the internet (obviouly, because he is not authenticated) and cant manuelly connect to https://<firewall_ip>:4501 where the portal for authentication is.

    Hope this makes my problem a bit more understandable.


  • In reply to emmosophos:

    Now I have connected the AP directly to the firewall but the problem is the same. The guest is able to connect to the hotspot, but cant authanticat itself.
    Right now I dont have setup any VLANs just the AP on the firewall interface. The guest network however is in a different zone.
    So I guess the problem is not the VLAN configuration.

  • In reply to Kevin Reinicke:

    Hello Kevin,

    Thank you for the update and clarification.

    I will try to replicate from my end on v18 and get back to you.


  • In reply to emmosophos:

    Hello emmosophos,

    thank you very much for your help! I finally got the hotspot to work as its supposed to.
    I had to start the hotspot service.

    On the v18: System Services -> Services