Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 38 subscribers
  • Views 2011 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unifi Guest Portal not showing after switching from Sophos SG to XG

Thorsten Stiebig

Hi there,

 

i'm trying to get the Unifi GuestPortal to work with SOPHOS XG and on an dedicated VLAN.

My setup:

- UniFi Controller on Windows with 2 Unifi Access Points

- Sophos XG UTM as Gateway for my LAN, WAN and VLAN-networks

 

Network:

Productive Network: 10.253.88.0/24, GW: 10.253.88.254, DNS 10.253.88.254

Guest WiFi-Network: 10.253.11.0/24 (VLAN11), GW: 10.253.11.254, DNS 10.253.11.254

Internwal-WLAN: 10.253.99.0/24 (VLAN99), GW: 10.253.99.254, DNS 10.253.99.254

Remote-LAN for Unifi Controller (IPsec Site-to-Site-VPN): 192.168.77.0/24

 

The UniFi-Controller (Windows-based)

IP: 192.168.77.7

FQDN-Name: wlan.mydomain.com (DNS-Name is accessable from all internal LAN & WLAN Networks and translated to IP 192.168.77.7  ant treated as Device on my Network Site)

 

The UAP AC are in the WLAN network with the ip: 10.253.99.57 & 72

 

I know that my Unifi Guest Portal is working fine. I migrated my Sophos Firewall from SG to XG. I adopt  all Firewall Rules but it is not working.

 

The problem:

I connect with my Device to the Guest WLAN and getting an DHCP IP-Adress from the correct Network Subnet 10.253.11.0/24-range with GW: 10.253.11.254 & DNS 10.253.11.254, but the CaptivePortal is not showing up.

With this DHCP IP config on my device i can access the Guest WLAN Portal with 192.168.77.7:8880/.../ on my Device (Smartphone, Windows-PC) by hand … the GuestPortal loads up. But if I try to open it with the FQDN-Name wlan.mydomain.com:8843/.../ the portal is not accessable. It is strange that the Guest portal is not loading automatically and only by hand with IP-Address and not with FQDN. DNS for example is allowed from 10.253.11.0/24

If i authorize the device by hand, internet is working fine. But I want that the portal site is pushed to the device

 

Maybe helpful: If i connect to the Guest-WLAN with my device, i'm getting an IP-adress fast, but the WLAN connection seems nearly try 30 seconds to reach the portal …. after that I get an confirmation that the WLAN connections was etablished (with no Internet access). If i configure it as i describe in the next paragraph, the WiFi-Icon appears instantly after i connect to the WiFi and got an IP.

 

If i change the WLAN on the Unifi Controller to use the „default“ Network instead of „VLAN 11" all things working fine - i'm getting an IP fromm y Internal WLAN (10.253.99.0/24) and the CaptivePortal is showing up correctly; Login with password works too. But I want the Guest-Wlan in my separate VLAN 11 (10.253.11.0/24)



This thread was automatically locked due to age.
Parents Reply Children
No Data
Unfiltered HTML