Captive Portal: Override FQDN

That's right, you can create proper certificates and host records to avoid those annoying error cert errors.  We're making big investments in SSL/TLS technology over the coming releases, V18 and beyond.  

Glad you're enjoying the new capability.

This feature was console only and only allowed either interface ip or hostname. Nice to see it in the GUI.

Emile

Yes we added it originally as console only.  Once we had a little more confidence in it and decided how best to put it in the UI, we moved it.  The console option no longer exists and the setting migrated during upgrade.

Note: If there are any issues with the certificate working for WebAdmin but not for Captive Portal, please try uploading it as PEM format with the certificate chain separate and let us know if that resolved it.  I had one report but we need customer samples if there is a problem.

Maybe I praised the new feature to early, because it does not seem to work in Email Quarantine Report.

I configured my XG Firewall to override the Hostname as the following:

In Quarantine Report, the Hostname is not overwritten, and QuarantineReport uses IP instead:

Its very important to have there the configured Hostname as well. So the users wouldn't face a Cerficate Error Message when they want to release false-positive Spam Mail.

Correct, right now this is for Web only.  I do not know the plans/timelines for Mail.

You can vote for the email feature here:

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/17478376

Michael Dunn said:

Correct, right now this is for Web only.  I do not know the plans/timelines for Mail.

 

You can vote for the email feature here:

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/17478376

 

Do not believe this is suitable as a feature request, the switch to FQDN for hostname should be feature complete across the XG not piecemeal. If this is not already on the roadmap for an upcoming release, it should be as part of the original switch.

This just adds to a list of features implemented improperly on the XG, the Quarantine system should draw it's target from the XG primary hostname and not have a separate system for itself. Modify the listener, yes, but it should be picked up like the Captive Portal as you are making more work for yourselves down the line.

Emile

Michael Dunn said:

Correct, right now this is for Web only.  I do not know the plans/timelines for Mail. 

If that's really how you guys want to implement this Feature (namely partwise - as Emilie correctly stated) then you should document this either in the GUI, or in the OnlineHelp. So the People know what they can expect from this Feature and what they can not expect.

Unfortunatedly, I don't give a lot on ideas.sophos.com. Back to Astaro days, this Platform was respected by Dev's and PM. Since Sophos's days it's definitely not.
See... this Featureportal seems not to be maintained by Sophos anyways. There are a lot of features in it, allready realized since more than one version back.

I agree with Christian here. On ideas.sophos.com you only play with the hopes of the users, but nothing happens.
Who is the person you can become to to make this feature happen?

We have a bigger email project and I'm not going to use UTM anymore.

The team is actively working on also getting the FQDN used in the Quarantine reports, this unfortunately did not make it into beta2 but we are considering to deliver it as part of a MR into 17.5.

I'd be glad to know some more informations about the timeline of this Feature. We do have a Statement from Sophos Presales-Engineeers back in May 2018 where there was promised, this Feature will be realized whitin 17.2. Now we have to take note, this will not even happen in 17.5 GA.

We do have several Partners, having itself numerous End-Customers who are really awaiting this for function, so they can finally migrate from UTM to XG.