Airplane WiFi Captive Portal on MacOS

We are using Sophos Central with client version 10.3.4 on M1 Chip MacBooks with MacOS 12.4.  GoGo WiFi will no longer bring up the Captive Portal page.  When booting into Safe Mode it works fine.  When looking at the streaming log in terminal there are many failed connections for Sophos trying to connect to Sophos Central.  My theory is that this traffic is causing the Captive Portal page not to open.  Has anyone found any resolution to this.  All normal things have been tried, like going directly to the Captive Portal Page, Going to 1.1.1.1, Removing the SSID from the known network list, etc.



Added tags
[edited by: Gladys at 2:08 AM (GMT -7) on 17 Jun 2022]
Parents
  •  It is clearly related to Sophos A\V and not necessarily Apple OS.  We are having this issue in two area's. Airplane Wifi and Marriott Hotel organizations Wifi.  I tried multiple ways to get connected while having Sophos active.  I even tried disabling a few features with out removing Sophos but nothing worked.  The only answer I can find is to remove Sophos A\V all together.  Which was only done for testing and is not an option for the end-user.  I did still have to type "neverlssl.com" in the URL to get the redirect but it worked as expected.  I will likely open a case with Sophos tomorrow but there is no real way to test with out booking a flight.  I have a lot of sales and executives that need this to work and travel all the time.   Hopefully we can get this resolved soon.

  • Yes, super frustrating. 3 MacOS releases later, and no new visibility in to the issue or timeline. Is it impacting other endpoint protection software? Is Apple really aware of the issue? Is it something that Apple needs to fix, or could Sophos workaround? Without visibility into the progress at Apple, how can we apply pressure in the right place? It's a huge issue for our traveling sales team. I went through the painful process to open a ticket, help debug via a remote employee, etc only to land with the same, vague answer.

  • We're hopeful that this issue will be resolved in an upcoming macOS release.

    The underlying problem occurs when a Transparent Proxy is installed on the OS. A similar issue was reported in the following Apple developer forum post. During our testing, all Sophos-specific filters were removed from the system and only the framework to route network connections was left behind. In this test case, the same issues with captive portals occurred.
    https://developer.apple.com/forums/thread/703588

    Feedback is provided to Apple through feedback tickets, which are only viewable by the reporter or team that raised the ticket. Outside of this, Apple provides very little visibility into open bug reports to the general public. I can assure you the information present in the KBA remains accurate.

    If you have any concerns, you are welcome to reach out to me via PM and I'd be happy to help in any way I can.

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thanks Kushal. That answer is much more informative the any previous responses. My email shows that a previous version of your reply mentioned a workaround coming in Sophos for Mac 10.4 - is that not the case anymore?

  • We have found a potential work-around that appears to be working for two of our end-users.  We created a new endpoint policy and disabled a couple of the features, "Real-time Scanning - Internet" and "Protect Network Traffic".  It's not ideal but it at least allows us to keep Sophos endpoint on the computer and still protects it for the most part.  Once the issue has been addressed we can simply move the user back to the normal policy.  We just did this yesterday for two employees that are traveling and have had good feed back so far. 

  • workaround tip from me:

    open http://captive.apple.com/hotspot-detect.html in safari. This brings the login page.

    HTTP not HTTPS

Reply Children