Airplane WiFi Captive Portal on MacOS

 It is clearly related to Sophos A\V and not necessarily Apple OS.  We are having this issue in two area's. Airplane Wifi and Marriott Hotel organizations Wifi.  I tried multiple ways to get connected while having Sophos active.  I even tried disabling a few features with out removing Sophos but nothing worked.  The only answer I can find is to remove Sophos A\V all together.  Which was only done for testing and is not an option for the end-user.  I did still have to type "neverlssl.com" in the URL to get the redirect but it worked as expected.  I will likely open a case with Sophos tomorrow but there is no real way to test with out booking a flight.  I have a lot of sales and executives that need this to work and travel all the time.   Hopefully we can get this resolved soon.

Yes, super frustrating. 3 MacOS releases later, and no new visibility in to the issue or timeline. Is it impacting other endpoint protection software? Is Apple really aware of the issue? Is it something that Apple needs to fix, or could Sophos workaround? Without visibility into the progress at Apple, how can we apply pressure in the right place? It's a huge issue for our traveling sales team. I went through the painful process to open a ticket, help debug via a remote employee, etc only to land with the same, vague answer.

Yes, super frustrating. 3 MacOS releases later, and no new visibility in to the issue or timeline. Is it impacting other endpoint protection software? Is Apple really aware of the issue? Is it something that Apple needs to fix, or could Sophos workaround? Without visibility into the progress at Apple, how can we apply pressure in the right place? It's a huge issue for our traveling sales team. I went through the painful process to open a ticket, help debug via a remote employee, etc only to land with the same, vague answer.

We're hopeful that this issue will be resolved in an upcoming macOS release.

The underlying problem occurs when a Transparent Proxy is installed on the OS. A similar issue was reported in the following Apple developer forum post. During our testing, all Sophos-specific filters were removed from the system and only the framework to route network connections was left behind. In this test case, the same issues with captive portals occurred.
- https://developer.apple.com/forums/thread/703588

Feedback is provided to Apple through feedback tickets, which are only viewable by the reporter or team that raised the ticket. Outside of this, Apple provides very little visibility into open bug reports to the general public. I can assure you the information present in the KBA remains accurate.

If you have any concerns, you are welcome to reach out to me via PM and I'd be happy to help in any way I can.

Thanks Kushal. That answer is much more informative the any previous responses. My email shows that a previous version of your reply mentioned a workaround coming in Sophos for Mac 10.4 - is that not the case anymore?

We have found a potential work-around that appears to be working for two of our end-users.  We created a new endpoint policy and disabled a couple of the features, "Real-time Scanning - Internet" and "Protect Network Traffic".  It's not ideal but it at least allows us to keep Sophos endpoint on the computer and still protects it for the most part.  Once the issue has been addressed we can simply move the user back to the normal policy.  We just did this yesterday for two employees that are traveling and have had good feed back so far. 

workaround tip from me:

open http://captive.apple.com/hotspot-detect.html in safari. This brings the login page.

HTTP not HTTPS

The point of this whole thread is that doesn't work.  It does when Sophos services are turned off on the Mac, but not when Sophos is running.

While we wait for a more permanent fix to be rolled out by Apple, we have made some improvements in the 10.4.0 release of Sophos for macOS. You can find the release notes in the following link by selecting "Endpoint > Sophos Anti-Virus for macOS > Central".
- https://docs.sophos.com/releasenotes/index.html

Captive Portal Mode can be enabled through the Sophos Endpoint Self Help Tool so that no issues occur while connecting.

This release will finish rolling out over the next few weeks.

I appreciate this approach. So 1st level Support can react to user calls that cannot join a network.

Looking forward to a even better solution in the code.

To add one more info here:

We have this situation also on iPhones, so there is no Intercept-X. But this happens, when they use the WiFi Login page from Sophos Central. It works with the WiFi Login page of the local Sophos Firewall.

Loading http://captive.apple.com/hotspot-detect.html helps on iPhone, too.

Is 10.4 even out yet? I haven't found it.

Could you provide me with the Unique ID to your Sophos Central Account via private message? I can check if your site should already have this. 

Brand new Macbook Pro with Monterey OS(no security software of any sort) has ZERO issues connecting to different captive portal based WiFi networks, captive portal pops up as expected everytime.

Same Macbook Pro with Monterey OS and Sophos Cloud installed --- HAS issues consistently connecting to captive portals. The method described of enabling "Captive Portal Mode" works ---other methods 2-4 do not work.

The problem with Captive Portal Mode is that this requires Administrative permission -- end users DO NOT have admin privileges. 

Please followup with Apple and internal Sophos engineering on finding a more appropriate fix for enterprise environments with users that have air travel often and using a personal hotspot is not an option.