Airplane WiFi Captive Portal on MacOS

We are using Sophos Central with client version 10.3.4 on M1 Chip MacBooks with MacOS 12.4. GoGo WiFi will no longer bring up the Captive Portal page. When booting into Safe Mode it works fine. When looking at the streaming log in Terminal there are many failed connections for Sophos trying to connect to Sophos Central. My theory is that this traffic is causing the Captive Portal page not to open. Has anyone found any resolution to this? All normal things have been tried, like going directly to the Captive Portal Page, going to, removing the SSID from the known network list, etc.

Added tags
[edited by: Gladys at 2:08 AM (GMT -7) on 17 Jun 2022]
  • I can confirm that this continues to be a problem even on Ventura 13.3. So far, our workaround has been to create a separate Web Control Policy for MacBooks and disable Acceptable Web Usage - not ideal. Even with this disabled I still have one Mac user that is having issues on airline networks that use a pay-wall (nearly all of them). I still have not found a workaround for that yet.

    Like others in this thread, removing Sophos solves the problem entirely. I have had multiple cases open with Sophos and the answer I am always given is that it is an Apple problem and the workaround is to give local users Admin rights to temporarily disable captive portals. I have two clients that are ready to move away from Sophos altogether because of this.

    Any additional support or advice is welcome, of course. But, "It's Apple's problem." no longer works as an answer.

  • Did you try that? You could give your users the URL, not admin permissions.

  • Our L3 teams are working alongside Apple to look further into this issue. If it's possible, please try performing a packet capture. You will need to start the packet capture prior to connecting to the wifi network to gather the necessary data for investigation. The conditions necessary to gather this do make it quite difficult, but it’s the last piece our team is waiting on to investigate further. 

    To perform the capture, the user will need to have local admin rights. 

    1. Run the following command via Terminal
    - sudo /usr/sbin/tcpdump -vvv -n -s 0 -w ~/Desktop/`date "+%Y.%m.%d_%H-%M-%S"`.pcap

    2. Connect to the wifi network, and wait for it to fail

    3. Stop the capture (Command+C)

    Once you have the file, please send me a private message. Our team will be grateful for your help with this.

    Kushal Lakhan
    Team Lead, Global Community Support
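A way to triage the capture produced by the steps above before handing it over, as an added example that is not part of the original thread or of any Sophos tooling: it lists the destinations whose TCP SYNs never received a SYN-ACK. It assumes the file is a classic little-endian pcap with Ethernet framing; the function names and the sample packets (documentation address ranges) are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def failed_handshakes(pcap):
    """Count TCP SYNs per (dst_ip, dst_port) whose flow never saw a SYN-ACK."""
    if pcap[:4] not in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        raise ValueError("expected a little-endian classic pcap file")
    if struct.unpack("<I", pcap[20:24])[0] != 1:
        raise ValueError("expected an Ethernet (linktype 1) capture")
    syns, answered, off = Counter(), set(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # only IPv4/TCP is examined
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue  # truncated TCP header
        src, dst = frame[26:30], frame[30:34]
        sport, dport = struct.unpack("!HH", tcp[:4])
        if tcp[13] & 0x12 == 0x02:      # SYN without ACK: connection attempt
            syns[(src, sport, dst, dport)] += 1
        elif tcp[13] & 0x12 == 0x12:    # SYN-ACK: the peer answered
            answered.add((dst, dport, src, sport))
    failed = Counter()
    for flow, count in syns.items():
        if flow not in answered:        # retransmitted SYNs add to the count
            failed[(socket.inet_ntoa(flow[2]), flow[3])] += count
    return failed

def _frame(src, dst, sport, dport, flags):
    """Build one constructed Ethernet/IPv4/TCP record for the sample capture."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    pkt = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

def sample_capture():
    """Constructed data: three unanswered SYNs and one completed handshake."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    syn = _frame("10.0.0.5", "203.0.113.10", 50001, 443, 0x02)
    return header + syn * 3 + (
        _frame("10.0.0.5", "192.0.2.1", 50002, 80, 0x02)
        + _frame("192.0.2.1", "10.0.0.5", 80, 50002, 0x12))
```

For a real capture, pass the file contents, for example `failed_handshakes(open(path, "rb").read())`, where `path` is the .pcap written to the Desktop.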
  • Thanks for the suggestions. 

    The end-users do not have admin rights for compliance needs.

    Also, the issue seems to be an issue ONLY in-flight. Unfortunately, I do not have the ability to troubleshoot when the user is on the plane.