Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 22 replies
  • Answers 3 answers
  • Subscribers 12 subscribers
  • Views 41571 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

iOS 11

NicholasHayman

Hi,

 

My college uses a captive portal web based authentication system on a Sophos UTM on their Wi-Fi. Since updating to iOS 11 when I connect it connects for a few seconds and gets a DHCP lease and then the connection just drops. Before I have a chance to login. They were able to reproduce the issue and said it's an iOS 11 issue then and I'd just have to wait for Apple to fix the bug. I don't think they're going to raise it with Apple or Sophos.

 

Has anyone had issues like this? I'd appreciate any input.



This thread was automatically locked due to age.
  • 0 in reply to HenryAuditor

    HTTP/2 should be irrelevant for his problem, which seems to be with DHCP.  Only the school admin could say for sure.

    HTTP/2 is supposed to be optional.   When UTM is in the middle of the connection, it is supposed to clear the "HTTP/2 capable" header, so that the connection operates in regular HTTP where UTM can inspect it.  It would be interesting if someone can show that this predicted behavior does not match reality.

  • 0 in reply to DouglasFoster

    It's not a DHCP issue as the phones receive an IP address from a DHCP server, either the UTM DHCP server or a Windows server on another subnet.

  • 0 in reply to NicholasHayman

    Hi  and  

    I tested with my iPhone on iOS 11.0.1 with an SG 115W on v9.503 and was able to connect and browse the internet. 

     

    Thanks,

    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • 0

    We are experiencing exactly the same issue at multiple sites. All sites have Sophos SG430 UTMs with firmware 9.503-4.

    We have a Ruckus wireless and various WLANs for teachers, students and guests. Students connect to a password protected WLAN (WPA2 and TKIP+AES) and then connect to the internet via the Sophos captive portal authenticated via Active Directory.

    Students are able to connect to the WLAN but then the connection drops. A workaround is to set the proxy to automatic which by default is set to off in iOS11. Once this is set to automatic the wifi connection remains but after launching a browser students are not presented with the Sophos captive portal and they are unable to browse the internet.

    I will report this issue to Sophos support and provide some feedback.

  • +1 in reply to envercpt

    One important point to check if using SSL filtering, is to ensure that the Sophos site certificate is installed and ensure that it's trusted in the certificate store found under General, About within iOS 10 and up. While this wasn't an absolute necessity in the iOS 10 series, it seems this makes all the difference in the world with the latest iOS.

    I've also noticed that while you may have run through the certificate install in iOS 10.0, for example, in 10.3.3 or 11.0 the certificate is no longer trusted so you have to go into the certificate store. Or in other words the trusted certificate somehow becomes untrusted after a later update (and you need to trust it again).

  • 0 in reply to envercpt

    My family members report that this is a global problem with ios11, and that it affects every type of wifi.  I do not think UTzM can work around it.

  • 0 in reply to DouglasFoster

    I think there is also a Problem with the Device-Specific Authentication in Web Filtering. If you set Exceptions for iOS and use a Default Authentication - ios Devices get the Authentication Pop-Ups.

  • 0 in reply to DouglasFoster

    DouglasFoster said:

    My family members report that this is a global problem with ios11, and that it affects every type of wifi.  I do not think UTzM can work around it.

     

     

    It is a global problem but Apple seems to be ignoring it as it was feedbacked during beta testing iOS11 in Apple's forums and every once in a while I'll be at a place and someone says to the person behind a counter "I can't connect to your wifi..." and the response is "Did you recently update your Apple phone?" to which they say "Yes..."

    Things our location has tried:

    • switching from an open network with Sophos authentication to a password protected network with Sophos authentication
    • Disabling WPA / TKIP and going with WPA2 / AES
    • Emailing the Sophos certificate to the end-user and installing it
    • Ensuring the certificate is trusted in the certificate store (doesn't usually happen automatically, found in settings General | About | Certificate Trust Settings

    I don't know what aspect of the experience is affecting iOS users but I believe it's tied to the web authentication.

    Edit: I should add that once the certificate is installed and trusted the situation is permanently resolved with iOS 11.0. Sorry, I left that out. But if you don't have the certificate on the system already you can't get the authentication prompt and iOS boots you off before you can bring it up.

  • 0 in reply to William Gault

    I'm not 100% yet, but I might of just ran into this issue as well.  Students can connect to the SSID and get a DHCP address, but they get no where.  I'm just waiting for details on whether or not the troublesome devices are running iOS 11.

    The web filter is just setup in Transparent Mode and URL filtering only for SSL.

  • 0

    I've been having issues with iOS 11 as well and devices staying connected to wireless.

    I use a single UTM with Win2012 DHCP Server.

    Have Unifi Access Points all over and no iOS 11 devices can stay connected.

    I managed to keep a few connected with Static IP's but tried one last night and it wouldn't even stick with a static IP.

     

    Will try adding this SSL Cert and see if that helps...

Unfiltered HTML