Airplane WiFi Captive Portal on MacOS

We are using Sophos Central with client version 10.3.4 on M1 Chip MacBooks with MacOS 12.4.  GoGo WiFi will no longer bring up the Captive Portal page.  When booting into Safe Mode it works fine.  When looking at the streaming log in terminal there are many failed connections for Sophos trying to connect to Sophos Central.  My theory is that this traffic is causing the Captive Portal page not to open.  Has anyone found any resolution to this.  All normal things have been tried, like going directly to the Captive Portal Page, Going to 1.1.1.1, Removing the SSID from the known network list, etc.



Added tags
[edited by: Gladys at 2:08 AM (GMT -7) on 17 Jun 2022]
Parents
  • Can someone at Sophos give us the instruction of how to use make a new Threat Protection Policy to disable the features which cause this issue. Our employees and executives are requesting to uninstall Sophos completely because this problem is blocking them to work on business trips. It has been there more than 3 months. And the new update needs the Sophos Administrator password which unique for each machine and the setting only works for couple hours. It is not acceptable for our end users.

  • The password required will be the local admin password on the macOS device, not the Tamper Protection passcode. 

    I have followed up with you via PM to share some steps you can try. 

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Think about that statement from a security perspective—- giving end users local admin permissions to their workstations—just so they could temporarily connect to the WiFi network. There needs to be a permanent fix or we are moving away from Sophos.

    There are other EDR endpoint products on the market that inject into the network filter drivers for Mac for net inspection, that do not cause this issue. Please have your dev team look into this issue ASAP. It is not an Apple Monterey issue- you can verify that statement by trying to connect to captive portal on a clean machine with Sophos- works every time. We need this escalated!

Reply
  • Think about that statement from a security perspective—- giving end users local admin permissions to their workstations—just so they could temporarily connect to the WiFi network. There needs to be a permanent fix or we are moving away from Sophos.

    There are other EDR endpoint products on the market that inject into the network filter drivers for Mac for net inspection, that do not cause this issue. Please have your dev team look into this issue ASAP. It is not an Apple Monterey issue- you can verify that statement by trying to connect to captive portal on a clean machine with Sophos- works every time. We need this escalated!

Children