Captive Portal: Override FQDN

I just found this cool new (so far) undocumented Feature which avoids prospective Certificate-Error-messages when user are accessing the Captive Portal. Tought, I want to share this positive message with you :)

Parents

0 Emile Belcourt over 5 years ago

This feature was console only and only allowed either interface ip or hostname. Nice to see it in the GUI.

Emile
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Michael Dunn over 5 years ago in reply to Emile Belcourt

Yes we added it originally as console only. Once we had a little more confidence in it and decided how best to put it in the UI, we moved it. The console option no longer exists and the setting migrated during upgrade.

Note: If there are any issues with the certificate working for WebAdmin but not for Captive Portal, please try uploading it as PEM format with the certificate chain separate and let us know if that resolved it. I had one report but we need customer samples if there is a problem.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 HuberChristian over 5 years ago in reply to Michael Dunn

Maybe I praised the new feature to early, because it does not seem to work in Email Quarantine Report.

I configured my XG Firewall to override the Hostname as the following:

In Quarantine Report, the Hostname is not overwritten, and QuarantineReport uses IP instead:

Its very important to have there the configured Hostname as well. So the users wouldn't face a Cerficate Error Message when they want to release false-positive Spam Mail.

Please send me Spam gueselkuebel@sg-utm.also-solutions.ch
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Michael Dunn over 5 years ago in reply to HuberChristian

Correct, right now this is for Web only. I do not know the plans/timelines for Mail.

You can vote for the email feature here:

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/17478376
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Emile Belcourt over 5 years ago in reply to Michael Dunn

Michael Dunn said:

Correct, right now this is for Web only. I do not know the plans/timelines for Mail.

You can vote for the email feature here:

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/17478376

Do not believe this is suitable as a feature request, the switch to FQDN for hostname should be feature complete across the XG not piecemeal. If this is not already on the roadmap for an upcoming release, it should be as part of the original switch.

This just adds to a list of features implemented improperly on the XG, the Quarantine system should draw it's target from the XG primary hostname and not have a separate system for itself. Modify the listener, yes, but it should be picked up like the Captive Portal as you are making more work for yourselves down the line.

Emile
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Emile Belcourt over 5 years ago in reply to Michael Dunn

Michael Dunn said:

Correct, right now this is for Web only. I do not know the plans/timelines for Mail.

You can vote for the email feature here:

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/17478376

Do not believe this is suitable as a feature request, the switch to FQDN for hostname should be feature complete across the XG not piecemeal. If this is not already on the roadmap for an upcoming release, it should be as part of the original switch.

This just adds to a list of features implemented improperly on the XG, the Quarantine system should draw it's target from the XG primary hostname and not have a separate system for itself. Modify the listener, yes, but it should be picked up like the Captive Portal as you are making more work for yourselves down the line.

Emile
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data