
User based policy with Captive Portal

I wanted to try the user based policies and set up a simple user policy rule which allows everything to the WAN Zone.
If I install the Client, I can authenticate and everything works.
If I manually open the Captive Portal and Login, I can authenticate and everything works.

But I thought the Captive Portal would pop up by itself if nobody is authenticated. Am I wrong?

Anyone could help me figure out how to do this? (I'm not that familiar with Cyberoam, only with UTM 9)

Thanks!



  • There are 3 reasons why you may not be redirected to a captive portal:

    1. When you create a user-based policy from LAN to WAN with Action Accept, Source --> Any, Destination --> Any, Service --> Any, just below the user-based rule you need a network-based rule from LAN to WAN with action set to Drop.

    2. DNS plays an important role here. When you request a domain such as www.example.com, the first thing your computer does is resolve the DNS, even before it sends a GET HTTP request. If your computer is pointing to an external DNS server, the host tries to contact the DNS and fails, because you are still not authenticated and you do not have a network-based rule allowing DNS. Below are the steps you can take to fix this.

    a. Create a LAN to WAN rule with Source --> Any, Destination --> and Service --> DNS, set the action to Accept and enable the MASQ on the rule.
    b. Point your computer's DNS to the LAN IP of the XG firewall and make sure that under System --> Administration --> Device Access, DNS is checked for the LAN.

    3. Captive portal is only served for HTTP requests. If your default webpage is pointing to a secure page, or if you request https://gmail.com or https://example.com, the captive portal will not be served for those requests. You can only get redirected to the captive portal when there is an HTTP request.

    You need to import the XG CA certificate as a part of your trusted certs to get a captive portal for HTTPS requests.


    Hope this fixes the issue; let me know otherwise.
  • kranthiyadlapudi,

    Nr. 1 is the winner. There was no network rule to block this traffic. After setting a network rule to block that traffic, the captive portal kicked in.

    Do I have to do that for every user policy rule?
    Could you explain why this is necessary?

    Thanks.

    Ibeme
  • I would also like to know if a rule like this is required after every option. In my case, I would like a policy that applies to me individually, then to my wife and so on. I do this by making the source network the MAC address list of our respective devices. However, it seems redundant and odd to need a network rule directly after each individual policy to force the captive portal. This seems like more of a workaround instead of a feature.
  • Has anyone got any more information on this? I haven't had a chance to try. This does seem strange if you'd have to create a drop rule underneath every user rule.