We are using Sophos Central with client version 10.3.4 on M1 Chip MacBooks with MacOS 12.4. GoGo WiFi will no longer bring up the Captive Portal page. When booting into Safe Mode it works fine. When looking at the streaming log in terminal there are many failed connections for Sophos trying to connect to Sophos Central. My theory is that this traffic is causing the Captive Portal page not to open. Has anyone found any resolution to this. All normal things have been tried, like going directly to the Captive Portal Page, Going to 126.96.36.199, Removing the SSID from the known network list, etc.
It is clearly related to Sophos A\V and not necessarily Apple OS. We are having this issue in two area's. Airplane Wifi and Marriott Hotel organizations Wifi. I tried multiple ways to get connected while having Sophos active. I even tried disabling a few features with out removing Sophos but nothing worked. The only answer I can find is to remove Sophos A\V all together. Which was only done for testing and is not an option for the end-user. I did still have to type "neverlssl.com" in the URL to get the redirect but it worked as expected. I will likely open a case with Sophos tomorrow but there is no real way to test with out booking a flight. I have a lot of sales and executives that need this to work and travel all the time. Hopefully we can get this resolved soon.
Yes, super frustrating. 3 MacOS releases later, and no new visibility in to the issue or timeline. Is it impacting other endpoint protection software? Is Apple really aware of the issue? Is it something that Apple needs to fix, or could Sophos workaround? Without visibility into the progress at Apple, how can we apply pressure in the right place? It's a huge issue for our traveling sales team. I went through the painful process to open a ticket, help debug via a remote employee, etc only to land with the same, vague answer.
We're hopeful that this issue will be resolved in an upcoming macOS release.
The underlying problem occurs when a Transparent Proxy is installed on the OS. A similar issue was reported in the following Apple developer forum post. During our testing, all Sophos-specific filters were removed from the system and only the framework to route network connections was left behind. In this test case, the same issues with captive portals occurred.- https://developer.apple.com/forums/thread/703588
Feedback is provided to Apple through feedback tickets, which are only viewable by the reporter or team that raised the ticket. Outside of this, Apple provides very little visibility into open bug reports to the general public. I can assure you the information present in the KBA remains accurate.
If you have any concerns, you are welcome to reach out to me via PM and I'd be happy to help in any way I can.
Thanks Kushal. That answer is much more informative the any previous responses. My email shows that a previous version of your reply mentioned a workaround coming in Sophos for Mac 10.4 - is that not the case anymore?
We have found a potential work-around that appears to be working for two of our end-users. We created a new endpoint policy and disabled a couple of the features, "Real-time Scanning - Internet" and "Protect Network Traffic". It's not ideal but it at least allows us to keep Sophos endpoint on the computer and still protects it for the most part. Once the issue has been addressed we can simply move the user back to the normal policy. We just did this yesterday for two employees that are traveling and have had good feed back so far.
workaround tip from me:
open http://captive.apple.com/hotspot-detect.html in safari. This brings the login page.
HTTP not HTTPS
The point of this whole thread is that doesn't work. It does when Sophos services are turned off on the Mac, but not when Sophos is running.
While we wait for a more permanent fix to be rolled out by Apple, we have made some improvements in the 10.4.0 release of Sophos for macOS. You can find the release notes in the following link by selecting "Endpoint > Sophos Anti-Virus for macOS > Central".- https://docs.sophos.com/releasenotes/index.html
Captive Portal Mode can be enabled through the Sophos Endpoint Self Help Tool so that no issues occur while connecting.
This release will finish rolling out over the next few weeks.
I appreciate this approach. So 1st level Support can react to user calls that cannot join a network.
Looking forward to a even better solution in the code.
To add one more info here:
We have this situation also on iPhones, so there is no Intercept-X. But this happens, when they use the WiFi Login page from Sophos Central. It works with the WiFi Login page of the local Sophos Firewall.
Loading http://captive.apple.com/hotspot-detect.html helps on iPhone, too.
Is 10.4 even out yet? I haven't found it.
Could you provide me with the Unique ID to your Sophos Central Account via private message? I can check if your site should already have this.
I Sent you the unique ID, Please let us know if its available for client to download.