Captive portal from VLAN to access LAN

Hello everyone,

I've just started playing with VLANs and successfully set one up for guest users. I have 2 rules for this guest network, 1 GUEST -> WAN without restrictions and 1 GUEST -> LAN with captive portal and show captive portal for unauthenticated users.

Problem is, from the guest network when I try to access a web page on LAN I don't get the captive portal page. If I go manually to https://x.x.x.x:8090 (x.x.x.x is the internal XG IP, 8090 is the captive portal port) it will show the captive portal and when I log on I have full access.

Any ideas?



  • In the firewall rule there is Match User and Use Web authentication for unknown users.

    If they are checked and there is a web request that matches the source and destination and there is no logged in user, that rule should match, and the user should be sent to Captive Portal.

  • Exactly! That's my problem. I get timed out while trying to load the captive portal when an unauthenticated user tries to get to LAN. It should load the captive portal to login. Both boxes are ticked.

  • We did a reorganization of the captive portal options in v18 to make it more understandable, although the underlying functionality is generally the same. That being said, in v18 the "custom message" has been removed, so your current workaround is not a long-term solution.

    First thing, you can go to Administration > Admin Settings and change the hostname/IP that is used for the redirection - just in case it is choosing something not correct in your setup. That may be enough to fix you.

    Next thing, the unauthenticated request might be hitting a firewall rule that you do not expect. I don't know how complex your setup is, but maybe try temporarily moving the rule you want to hit to the very top precedence to make sure it is being hit.

  • That was it! Changed "When redirecting users to the captive portal or other interactive pages" to "Use the first internal interface" and it worked! So it was probably the hostname or something that was causing this. Thanks a lot!

    Newly arisen problem: There's an mpd server that listens on LAN and on a port (6680). When I try to access a direct http page (on port 80) I get the user portal. When I access the mpd which is x.x.x.x:6680 it times out. Is there a solution to that? If not, that's not a big deal.

  • Captive Portal is only supported on ports 80 and 443.

    If you are an unauthenticated user accessing other ports, the "show captive portal to unknown users" does not apply. The firewall rule will not match and it will fall to the following firewall rules, eventually to the bottom drop all.

  • Thought so, but didn't hurt to ask! I can login to the port 80 page first and then access the mpd, no big deal.

    Thanks again for your info!