Allow access to uncategorised Wi-Fi network splash screen logons

We have an issue where if our users want to use a Hotel, Conference Centre, or Airport Lounge’s Wi-Fi they can’t because the Wi-Fi network’s internal logon splash screen is blocked as ‘Uncategorised’ by SOPHOS Central Web Protection and we don’t allow access to uncategorised websites. See screen shot below.

The cumbersome work around is to talk them through disabling the client tamper protection, going to the Wi-Fi splash screen, logging on to the Wi-Fi network, and then re-enabling client protection.

We don’t want to allow uncategorised sites.

 

We’ve raised this with SOPHOS support and they said there’s no other solution other than what we’re doing.

It’s hard to believe that an Enterprise grade security product doesn’t have some way to cater for this very common business requirement.

 

Has anyone else found a solution?

 

Thanks.



Added Tags
[edited by: GlennSen at 8:18 AM (GMT -8) on 25 Feb 2023]
Parents
  • Hello David,

    Thank you for reaching the community forum.

    We do apologize for the inconvenienced caused by this. May we know which sophos product you're using? Also, If you have support case open for this, can you share it with us? 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi  this is for SOPHOS Central and SOPHOS Intercept X Advanced with Client SOPHOS Endpoint Agent.

    We did have a ticket previously but its closed.

    Cheers,

    David.

  • Thank you for your response. 

    I don't see any problem for the product wise side as the product works on how it has been designed. 

    It seems like you’re countering the policy you've applied to your end users/devices. Are you getting the same Link for each of your users who tried to access public Wi-Fi for spalsh logon?

    If so, then you can add exclusion to your website management and change the categorization of this link so that you're endusers can access public Wi-Fi and. also, this can be done for one time process. But if the link change every time user goes to new places, then its a very manual process as you need to add every link for exclusuion. 

    Additional suggestion for your scenario was to change the "Action" for Uncategorize websites from "block" action to "warn". 

    But this depend on your organization policy. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • The product is working as designed but the issue is that its deficient and does not cater for this scenario.

    We only want to counter the policy applied in a particular scenario (connecting to public Wi-Fi).

    Unfortunately its just as cumbersome to add the URL as an exclusion because the user isn't connected to the Internet (they're connected to the public Wi-Fi but haven't accepted the terms so no Internet at that stage) and the client can't get the exclusion. Added to this is that often the slash page redirects to another page which is also uncategorised.

    SOPHOS support also previously advised a solution was to set a common password (e.g. 00000) for tamper protection on all clients so users could disable it as needed to connect to public Wi-Fi. That's not an option as the users can't be trusted and we don't want to rely 100% on client AV to protect against malware from infected sites.

    Admittedly this is a tricky problem as its a bit of a chicken and egg situation and the only solution I can see would be to develop a function in the products to let the user allow a URL in the client, only when the client has no internet connectivity (i.e. on a public Wi-Fi network where Internet isn't connected yet) that could then be reported back to SOPHOS Central against the client.

Reply
  • The product is working as designed but the issue is that its deficient and does not cater for this scenario.

    We only want to counter the policy applied in a particular scenario (connecting to public Wi-Fi).

    Unfortunately its just as cumbersome to add the URL as an exclusion because the user isn't connected to the Internet (they're connected to the public Wi-Fi but haven't accepted the terms so no Internet at that stage) and the client can't get the exclusion. Added to this is that often the slash page redirects to another page which is also uncategorised.

    SOPHOS support also previously advised a solution was to set a common password (e.g. 00000) for tamper protection on all clients so users could disable it as needed to connect to public Wi-Fi. That's not an option as the users can't be trusted and we don't want to rely 100% on client AV to protect against malware from infected sites.

    Admittedly this is a tricky problem as its a bit of a chicken and egg situation and the only solution I can see would be to develop a function in the products to let the user allow a URL in the client, only when the client has no internet connectivity (i.e. on a public Wi-Fi network where Internet isn't connected yet) that could then be reported back to SOPHOS Central against the client.

Children