Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 11 replies
  • Subscribers 41 subscribers
  • Views 49851 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User based policy with Captive Portal

Ibeme

I wanted to try the user based policies and set up a simple user policy rule which allows everything to the WAN Zone.
IfI install the Client, I can authenticate and everything works.
If I manually open the Captive Portal and Login, I can authenticate and everything works.

But I thought the captive Portal would popup by itself, if nobody is authenticated. Am I wrong?

Anyone could help me figure out how to do this? (I'm not that familiar with Cyberoam, only with UTM 9)

Thanks!



This thread was automatically locked due to age.
Parents
  • 0
    There are 3 Reasons why you may not be redirected to a Captive portal

    1. When you create a User based policy from LAN to WAN with Action accept Source --> Any, Destination --> Any service --> Any . Just below the user based rule you need a Network based rule from LAN to WAN with action set to Drop.

    2. DNS plays an important role here, when you request a Domain www.example.com the first thing your computer does is resolve the DNS even before it sends a GET HTTP request and if your computer is pointing to an external DNS server the host tries to contact the DNS and fails because you are still not authenticated and you do not have a network based rule allowing DNS. Below are the steps you can take to fix this.

    a. Create a LAN to WAN rule with Source --> Any , Destination --> and service --> DNS, set the action to Accept and enable the MASQ on the rule.
    b. Point your computers DNS to the LAN IP of the XG firewall and make sure under Systsem --> Administration --> Device Access DNS is checked for the LAN.

    3. Captive portal is only served for http requests if your default webpage is pointing to a secure page or if you request https://gmail.com or https://example.com captive portal will not be served for those requests. You can only get redirected to the captive portal when there is a http request.

    You need to import the XG ca certificate as a part of your trusted certs to get a captive portal for https requests.


    Hope this fixes the issue, Let me know otherwise.
  • 0 in reply to Kranthi

    I've tried this and still the browser doesn't redirect to the network authentication page when not logged. All DNS queries resolve with no issues but still no redirection Any other suggestions?

Reply Children
No Data
Unfiltered HTML