

Captive portal on branch site with RED on standard/split setup - update

We had a community post 5 years ago regarding captive portal on a branch site with RED on standard/split setup.

The answer was that it is not possible because, in a Standard/Split implementation, the internet traffic is routed directly from the RED to the internet. This means XG is not intercepting this traffic at all, and hence it is impossible to imply authentication via XG to such traffic.

Setup:

User-----RED-------RED Tunnel-----SFOS-----Resources


I wanted to understand if this answer is still valid, or whether we have any way to configure a captive portal for the users behind RED.



This thread was automatically locked due to age.
  • Hi,

    Thank you for reaching out to the community. The key advantage of using standard/split is if you want to control the remote site and have Sophos UTM control data flowing to and from the remote site to the central network. The key difference is that traffic to and from the public Internet passes through the RED to the Internet directly. The drawback is that the remote site now has to maintain its own perimeter security, including web filtering. You also lose visibility into the remote site's public Internet usage, as this is no longer logged or reported by Sophos firewall.

    Thanks & Regards,

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience


  • So, here users are behind RED (BR) and they are connecting to SFOS XGS (HQ) through the RED tunnel. They have allowed some traffic as a split network to enter the tunnel. The rest of the internet traffic will be connected directly, as you mentioned. However, the configured tunnel traffic will eventually reach the XGS of the HQ site.

    Now we wanted to impose a captive portal for the tunnel traffic, so that users behind RED send the traffic to the firewall through RED, and it gets authenticated first.
