

Can XG Captive Portal Support All Mobile Devices, Android & iOS

Hi Sophos Members,

Checking with the experts: do all mobile devices support the Captive Portal in XG?

PC & laptop via browser: no problem (error), insert SSL certificate.

So how about mobile or tablet?



  • Can you give us more insight on this request? 


  • Sure can. Usually the captive portal is HTTPS, and a first-time user will get a certificate error and click add/advanced/proceed to continue to the login page.

    So we can download the SSL certificate from XG and import it into a Windows or Mac OS browser (Chrome, Firefox, IE, Edge, etc.) to avoid the certificate error.

    So how about mobile devices? How to avoid the certificate error? (Assume this is public WiFi.)

  • Why don't you use a publicly signed certificate in the first place?


  • Because the XG firewall is an internal site using a certificate from a private CA (no public certificates allowed on private IP addresses).

    I have the same issue: laptops/desktops are fine with the captive portal, either displaying an error which can be added to exceptions, or installing the certificate of the private CA. But on mobile devices, I cannot override the certificate error (the browser won't allow it, neither Chrome nor Firefox on Android), and I cannot install the certificate in a way that the browser recognizes it.

    This happens when a firewall rule directly enforces authentication.

    When a Web policy enforces authentication (as part of a firewall rule), the captive portal is shown fine. So it may have to do with how traffic is intercepted by Sophos XG (network vs. application layer) when redirecting to captive portal.

    I wonder if anybody uses this feature with mobile devices, since there are so few answers to this. It strikes me as a very valid and frequent scenario ... So if you have made it work, please share.

    Thanks.
