Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Invalid Captive Portal Link https://:8090/httpclient.html

 
Hi, I have finished implementing my XG310 with SSO. When an unauthenticated user tries to browse, the captive portal link incorrectly appears. "https://:8090/httpclient.html"
If I put in the browser the address of my sophos works and the captive portal appears. I have the latest firmware installed. Any ideas?, Thank


This thread was automatically locked due to age.
Parents Reply Children
  • Hi, excuse the delay. I made a TCPDUMP to the host that presents the wrong captive poral and the result is the one I show:

     

    console> tcpdump 'host 192.168.38.125'
    tcpdump: Starting Packet Dump
    10:55:10.611692 Lag0, IN:  In 4c:cc:6a:a4:9d:5d ethertype Unknown (0x0026), length 72:
            0x0000:  0000 0800 4500 0034 1900 4000 8006 13af  ....E..4..@.....
            0x0010:  c0a8 267d 96d6 5019 cfe6 0050 7cd5 c9b7  ..&}..P....P|...
            0x0020:  0000 0000 8002 ffff 8a3c 0000 0204 05b4  .........<......
            0x0030:  0103 0303 0101 0402                      ........
    10:55:10.611692 Lag0.38, IN: IP 192.168.38.125.53222 > 150.214.80.25.80: Flags [S], seq 2094385591, win 65535, options [mss 1460,nop,wscale 3,nop,nop,sackOK], length 0
    10:55:10.611732 Lag0.38, OUT: IP 150.214.80.25.80 > 192.168.38.125.53222: Flags [S.], seq 167527720, ack 2094385592, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    10:55:10.611733 Lag0, OUT: Out 00:e0:20:11:0a:95 ethertype Unknown (0x0026), length 72:
            0x0000:  0000 0800 4500 0034 0000 4000 4006 6caf  ....E..4..@.@.l.
            0x0010:  96d6 5019 c0a8 267d 0050 cfe6 09fc 4528  ..P...&}.P....E(
            0x0020:  7cd5 c9b8 8012 7210 ce3b 0000 0204 05b4  |.....r..;......
            0x0030:  0101 0402 0103 0307                      ........
    10:55:10.611734 Port4, OUT: Out 00:e0:20:11:0a:95 ethertype Unknown (0x0026), length 72:
            0x0000:  0000 0800 4500 0034 0000 4000 4006 6caf  ....E..4..@.@.l.
            0x0010:  96d6 5019 c0a8 267d 0050 cfe6 09fc 4528  ..P...&}.P....E(
            0x0020:  7cd5 c9b8 8012 7210 c8f2 0000 0204 05b4  |.....r.........
            0x0030:  0101 0402 0103 0307                      ........
    10:55:10.612058 Port4, IN:  In 4c:cc:6a:a4:9d:5d ethertype Unknown (0x0026), length 66:
            0x0000:  0000 0800 4500 0028 1901 4000 8006 13ba  ....E..(..@.....
            0x0010:  c0a8 267d 96d6 5019 cfe6 0050 7cd5 c9b8  ..&}..P....P|...
            0x0020:  09fc 4529 5010 8000 fbd4 0000 0000 0000  ..E)P...........
            0x0030:  0000                                     ..
    10:55:10.612058 Lag0, IN:  In 4c:cc:6a:a4:9d:5d ethertype Unknown (0x0026), length 66:
            0x0000:  0000 0800 4500 0028 1901 4000 8006 13ba  ....E..(..@.....
            0x0010:  c0a8 267d 96d6 5019 cfe6 0050 7cd5 c9b8  ..&}..P....P|...
            0x0020:  09fc 4529 5010 8000 fbd4 0000 0000 0000  ..E)P...........
            0x0030:  0000                                     ..
    10:55:10.612058 Lag0.38, IN: IP 192.168.38.125.53222 > 150.214.80.25.80: Flags [.], ack 1, win 32768, length 0
    10:55:10.612309 Port4, IN:  In 4c:cc:6a:a4:9d:5d ethertype Unknown (0x0026), length 483:
            0x0000:  0000 0800 4500 01cf 1902 4000 8006 1212  ....E.....@.....
            0x0010:  c0a8 267d 96d6 5019 cfe6 0050 7cd5 c9b8  ..&}..P....P|...
            0x0020:  09fc 4529 5018 8000 8661 0000 4745 5420  ..E)P....a..GET.
            0x0030:  2f20 4854 5450 2f31 2e31 0d0a 4163 6365  /.HTTP/1.1..Acce
            0x0040:  7074 3a20 7465 7874 2f68 746d 6c2c 2061  pt:.text/html,.a
    10:55:10.612309 Lag0, IN:  In 4c:cc:6a:a4:9d:5d ethertype Unknown (0x0026), length 483:
            0x0000:  0000 0800 4500 01cf 1902 4000 8006 1212  ....E.....@.....
            0x0010:  c0a8 267d 96d6 5019 cfe6 0050 7cd5 c9b8  ..&}..P....P|...
            0x0020:  09fc 4529 5018 8000 8661 0000 4745 5420  ..E)P....a..GET.
            0x0030:  2f20 4854 5450 2f31 2e31 0d0a 4163 6365  /.HTTP/1.1..Acce
            0x0040:  7074 3a20 7465 7874 2f68 746d 6c2c 2061  pt:.text/html,.a
    10:55:10.612309 Lag0.38, IN: IP 192.168.38.125.53222 > 150.214.80.25.80: Flags [P.], ack 1, win 32768, length 423
    10:55:10.612320 Lag0.38, OUT: IP 150.214.80.25.80 > 192.168.38.125.53222: Flags [.], ack 424, win 237, length 0
    10:55:10.612320 Lag0, OUT: Out 00:e0:20:11:0a:95 ethertype Unknown (0x0026), length 60:
            0x0000:  0000 0800 4500 0028 a875 4000 4006 c445  ....E..(.u@.@..E
            0x0010:  96d6 5019 c0a8 267d 0050 cfe6 09fc 4529  ..P...&}.P....E)
            0x0020:  7cd5 cb5f 5010 00ed ce2f 0000            |.._P..../..
    10:55:10.612321 Port4, OUT: Out 00:e0:20:11:0a:95 ethertype Unknown (0x0026), length 60:
            0x0000:  0000 0800 4500 0028 a875 4000 4006 c445  ....E..(.u@.@..E
            0x0010:  96d6 5019 c0a8 267d 0050 cfe6 09fc 4529  ..P...&}.P....E)
            0x0020:  7cd5 cb5f 5010 00ed 7941 0000            |.._P...yA..
    10:55:11.051321 Lag0.38, OUT: IP 150.214.80.25.80 > 192.168.38.125.53222: Flags [P.], ack 424, win 237, length 705
    10:55:11.051324 Lag0, OUT: Out 00:e0:20:11:0a:95 ethertype Unknown (0x0026), length 765:
            0x0000:  0000 0800 4500 02e9 a876 4000 4006 c183  ....E....v@.@...
            0x0010:  96d6 5019 c0a8 267d 0050 cfe6 09fc 4529  ..P...&}.P....E)
            0x0020:  7cd5 cb5f 5018 00ed d0f0 0000 4854 5450  |.._P.......HTTP
            0x0030:  2f31 2e31 2032 3030 204f 4b0d 0a44 6174  /1.1.200.OK..Dat
            0x0040:  653a 2054 6875 2c20 3233 2046 6562 2032  e:.Thu,.23.Feb.2
    10:55:11.051326 Port4, OUT: Out 00:e0:20:11:0a:95 ethertype Unknown (0x0026), length 765:
            0x0000:  0000 0800 4500 02e9 a876 4000 4006 c183  ....E....v@.@...
            0x0010:  96d6 5019 c0a8 267d 0050 cfe6 09fc 4529  ..P...&}.P....E)
            0x0020:  7cd5 cb5f 5018 00ed 248b 0000 4854 5450  |.._P...$...HTTP
            0x0030:  2f31 2e31 2032 3030 204f 4b0d 0a44 6174  /1.1.200.OK..Dat
            0x0040:  653a 2054 6875 2c20 3233 2046 6562 2032  e:.Thu,.23.Feb.2
    10:55:11.051509 Port4, IN:  In 4c:cc:6a:a4:9d:5d ethertype Unknown (0x0026), length 66:
            0x0000:  0000 0800 4500 0028 1903 4000 8006 13b8  ....E..(..@.....
            0x0010:  c0a8 267d 96d6 5019 cfe6 0050 7cd5 cb5f  ..&}..P....P|.._
            0x0020:  09fc 47ea 5010 7fa7 f7c5 0000 0000 0000  ..G.P...........
            0x0030:  0000                                     ..
    10:55:11.051509 Lag0, IN:  In 4c:cc:6a:a4:9d:5d ethertype Unknown (0x0026), length 66:
            0x0000:  0000 0800 4500 0028 1903 4000 8006 13b8  ....E..(..@.....
            0x0010:  c0a8 267d 96d6 5019 cfe6 0050 7cd5 cb5f  ..&}..P....P|.._
            0x0020:  09fc 47ea 5010 7fa7 f7c5 0000 0000 0000  ..G.P...........
            0x0030:  0000                                     ..
    10:55:11.051509 Lag0.38, IN: IP 192.168.38.125.53222 > 150.214.80.25.80: Flags [.], ack 706, win 32679, length 0
    10:55:11.051772 Port4, IN:  In 4c:cc:6a:a4:9d:5d ethertype Unknown (0x0026), length 66:
            0x0000:  0000 0800 4500 0028 1904 4000 8006 13b7  ....E..(..@.....
            0x0010:  c0a8 267d 96d6 5019 cfe6 0050 7cd5 cb5f  ..&}..P....P|.._
            0x0020:  09fc 47ea 5011 7fa7 f7c4 0000 0000 0000  ..G.P...........
            0x0030:  0000                                     ..
    10:55:11.051772 Lag0, IN:  In 4c:cc:6a:a4:9d:5d ethertype Unknown (0x0026), length 66:
            0x0000:  0000 0800 4500 0028 1904 4000 8006 13b7  ....E..(..@.....
            0x0010:  c0a8 267d 96d6 5019 cfe6 0050 7cd5 cb5f  ..&}..P....P|.._
            0x0020:  09fc 47ea 5011 7fa7 f7c4 0000 0000 0000  ..G.P...........
            0x0030:  0000                                     ..
    10:55:11.051772 Lag0.38, IN: IP 192.168.38.125.53222 > 150.214.80.25.80: Flags [F.], seq 424, ack 706, win 32679, length 0
    10:55:11.051791 Lag0.38, OUT: IP 150.214.80.25.80 > 192.168.38.125.53222: Flags [F.], seq 706, ack 425, win 237, length 0
    10:55:11.051792 Lag0, OUT: Out 00:e0:20:11:0a:95 ethertype Unknown (0x0026), length 60:
            0x0000:  0000 0800 4500 0028 a877 4000 4006 c443  ....E..(.w@.@..C
            0x0010:  96d6 5019 c0a8 267d 0050 cfe6 09fc 47ea  ..P...&}.P....G.
            0x0020:  7cd5 cb60 5011 00ed ce2f 0000            |..`P..../..
    10:55:11.051793 Port4, OUT: Out 00:e0:20:11:0a:95 ethertype Unknown (0x0026), length 60:
            0x0000:  0000 0800 4500 0028 a877 4000 4006 c443  ....E..(.w@.@..C
            0x0010:  96d6 5019 c0a8 267d 0050 cfe6 09fc 47ea  ..P...&}.P....G.
            0x0020:  7cd5 cb60 5011 00ed 767e 0000            |..`P...v~..
    10:55:11.052018 Port4, IN:  In 4c:cc:6a:a4:9d:5d ethertype Unknown (0x0026), length 66:
            0x0000:  0000 0800 4500 0028 1905 4000 8006 13b6  ....E..(..@.....
            0x0010:  c0a8 267d 96d6 5019 cfe6 0050 7cd5 cb60  ..&}..P....P|..`
            0x0020:  09fc 47eb 5010 7fa7 f7c3 0000 0000 0000  ..G.P...........
            0x0030:  0000                                     ..
    10:55:11.052018 Lag0, IN:  In 4c:cc:6a:a4:9d:5d ethertype Unknown (0x0026), length 66:
            0x0000:  0000 0800 4500 0028 1905 4000 8006 13b6  ....E..(..@.....
            0x0010:  c0a8 267d 96d6 5019 cfe6 0050 7cd5 cb60  ..&}..P....P|..`
            0x0020:  09fc 47eb 5010 7fa7 f7c3 0000 0000 0000  ..G.P...........
            0x0030:  0000                                     ..
    10:55:11.052018 Lag0.38, IN: IP 192.168.38.125.53222 > 150.214.80.25.80: Flags [.], ack 707, win 32679, length 0
    ^C

    Thank you,

  • HI Jose,

    Could you take  the TCP dump again and this time use the command again as below

    Console > tcpdump 'host <IPaddress of the Machine > and port 8090

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  •  

    Nothing, but I think that thanks to your track I discovered the problem. In other words, my network has a LAG configured with VLAN, and according to TCPDUMP the output is to a MAC of an unknown interface

    I have reviewed the settings of my LAG and have no static IP. What I do not understand is that if I put an IP, it can be the same one with which I manage my XG, which is the same as my VLAN?

    My LAG:

     

     

    My VLAN:

     

    Is it possible to put in the LAG the static IP 192.168.37.10 which is the management of my XG?

  • Jose,

    The ip should always be unique on any layer 3 and above devices otherwise the routing table will get crazy.

    Also make sure the ip belongs to a unique subnet.

    Regards

  • Today I configured a static IP to my LAG (192.168.37.5) and everyone has stopped accessing the Network. I do not understand how it is possible. Thank you