This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Hotspot landing page blocked after upgrade from 17.x to 18.x

Hej Sophos community,

several XG 106 boxes, which were updated from SFOS 17.x to 18.x suddenly block the access of the hotspot landing page.

The Hotspot was just woring fine before the upgrade and clients were redirected to the landing page with the input field of the voucher code.

Now with SFOS 18.0.4 MR-4 the clients timeout because the access is blocked by the firewall:

2021-03-12 08:02:12Firewallmessageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" nat_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="vxlan3.101" in_display_interface="vxlan3.101" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="172.16.10.2" src_country="R1" dst_ip="172.16.10.254" dst_country="R1" protocol="TCP" src_port="49192" dst_port="4501" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Could not associate packet to any connection." appresolvedby="Signature" app_is_cloud="0"

So the main question is:

How can I place a rule to allow port 4501 traffic with the XG itself as target? I only know the appliance-access-matrix where WIFI is enabled for every service excluded AD SSO and Dynamic Routing.

Hotspot Service is running.

Any ideas?

Thanks and Regards,

Boris



This thread was automatically locked due to age.
Parents Reply Children