Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I create "voucher code" in hostpost wifi SP Home editor for internet access from clients?thanks

How do I create "voucher code" in hostpost wifi SP Home editor for internet access from clients?thanks



This thread was automatically locked due to age.
Parents
  • I am also interested in an answer to this question, and generally a tutorial or how-to guide in a number of areas regarding Sophos XG. I am evaluating their product by implementing XG Home Edition OS at my residence, and I can give a very practical reason why the Hotspot feature is useful for residential use.

    My kids have friends that come over regularly and request internet access for their game systems, phones, tablets and what have you.
    I do not want my kids sharing our WiFi WPA keys with everybody that comes to visit. I don't mind sharing our WiFi with guests, as long as they are isolated from LAN devices and I also do not merely want an open WiFi that any passerby can latch onto even if it is isolated. A Hotspot with an authenticated user Captive Portal allows us to protect our bandwidth from passersby, but also makes sharing internet access with house guests trivial.

    In Sophos XG, the Password of the Day hotspot type seems convoluted and the Terms of Use option is basically open access.

    I have been using Zeroshell for our home gateway for a while now and it's Captive Portal hotspot feature is fairly simply and straight forward to setup and offers the isolation and login that I am looking for. However, I am also looking at Sophos small business products as a potential commercial offering for my clients.
Reply
  • I am also interested in an answer to this question, and generally a tutorial or how-to guide in a number of areas regarding Sophos XG. I am evaluating their product by implementing XG Home Edition OS at my residence, and I can give a very practical reason why the Hotspot feature is useful for residential use.

    My kids have friends that come over regularly and request internet access for their game systems, phones, tablets and what have you.
    I do not want my kids sharing our WiFi WPA keys with everybody that comes to visit. I don't mind sharing our WiFi with guests, as long as they are isolated from LAN devices and I also do not merely want an open WiFi that any passerby can latch onto even if it is isolated. A Hotspot with an authenticated user Captive Portal allows us to protect our bandwidth from passersby, but also makes sharing internet access with house guests trivial.

    In Sophos XG, the Password of the Day hotspot type seems convoluted and the Terms of Use option is basically open access.

    I have been using Zeroshell for our home gateway for a while now and it's Captive Portal hotspot feature is fairly simply and straight forward to setup and offers the isolation and login that I am looking for. However, I am also looking at Sophos small business products as a potential commercial offering for my clients.
Children
  • Hi,
    not sure this stuff works or at least for me. I have tried twice to create hotspot for guest users and all that has happened is no access for the clientless users even with the policy disabled. I have to delete the entire hospot setup to get internet access.
    Probably works for someone so it could get signed off at beta then GA releases.

    Ian,

    home UTM 9.x running in ESXi 6 e3-1275v2

    AP55c and AP10 (courtesy Astaro)

    Three other UTMs, SUM and SFM in hibernation

    XG 15.x MR3 in hibernation

  • Thanks for sharing Ian;

    Not sure if this will help but after additional tinkering, I figured out what our friend @vilic has recommended above, and it's working for me, albeit not ideally.

    Here's my setup.

    I have XG OS running on a Core2 Duo Desktop PC with 3 physical NICs (interfaces):

    • Port1 - LAN
    • Port2 - WAN (Static IP)
    • Port3 - WiFi (Created this zone first) (Static IP - 192.168.2.1)

    The Port3 NIC is connected to the LAN port of a Belkin 4 port WiFi router, configured as follows:

    • DHCP turned off
    • Has a static LAN IP (192.168.2.254)
    • No WiFi encryption enabled
    • Configured in Router Mode, as Access point mode doesn't work for me for some reason I didn't bother to investigate.

    XG Configuration

    1. In XG, I configured DHCP for Port3 Interface (issuing 20 IPs)
    2. Created new administrative user (needed to login into user portal to create vouchers)
    3. Created Hotspot Voucher Definition
    4. Created Hotspot, associated with Port3 Interface, chose Voucher Hotspot Type and voucher definition. (I believe in this step XG automatically creates the appropriate User Network Rule)
    5. Log out of XG Admin Console and log back into XG User Portal as new administrative user, and created a new voucher.

    So, with this setup, when I connect a client (Android phone) to the Belkin via WiFi, XG hands out an IP in the DHCP range for the Port3 Interface, I get a notification alert on the phone which takes me to the XG Captive Portal page when clicked, where I can enter the Voucher code created in step 5 above.

    Using a simple PING networking tool on my mobile, I get no response from internal LAN resources like my web server and other hosts, so I believe the LAN isolation I want is there.

    This works so far, but here are a few problems that I either haven't figured out yet or that are missing features:

    • Would like the option to manually define the Voucher Code or at least a Voucher code Prefix.
    • Why is there only one Hotspot type for Passwords, i.e. Password of the day? I would like to have the option of a simple user/password value pair that doesn't change on a daily basis. Some parts of the documentation imply this is possible, but it also seems to imply that the user must first log into the user portal which doesn't make sense, since guest users should have no access to this.

    Hope this helps other XG Home Edition evaluators.