Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to change the IP-Address of the Captive Portal?

Simon-Timothy Folaji

Hi Community,

when Users connect to the GuestWifi they get redirected to the Captive Portal, which is accessible under 10.0.255.1 - This behavior gives an SSL error because the IP-Adress is not in the SAN of the certificate. How can i change the Captive Portal to use an name instead of the Zone IP-Address?

Under Administration --> Admin console and end-user interaction the settings are configured to:

Use the firewall´s configured hostname: firewall.domain (this name is listed in my SAN-certificate).

When i use the button "Check settings", it also returns no errors.

Any suggestions?

Cheers.



This thread was automatically locked due to age.
  • 0

    Hi,

    As you have configured "hostname: firewall.domain" and this hostname must be resolved by the DNS server which is given in Guest/Users DHCP server IP address and Firewall Itself. 

    Regards,

    Deepak Kumar

    Sophos Architect | NSE 4 | CCNP | CISE 

    • 0 in reply to Deepak Verma

      OK. How do i achieve this? The hostname which is given to the firewall is resolvable. The DNS Server is from the ISP. Should i give the Guest DHCP my internal DNS-Servers?

      • 0 in reply to Simon-Timothy Folaji

        Hi,

        Check this article: https://community.sophos.com/kb/en-us/132058

        Regards,

        Deepak Kumar

        Sophos Architect | NSE 4 | CCNP | CISE 

        • 0 in reply to Deepak Verma

          Hi Deepak,

           

          sorry - but there is no mentioned parameter proxy_url_use_hostname. See the image below:

          • 0 in reply to Simon-Timothy Folaji

            Hi,

            This backend feature is not avaiable in 17.5.5.

            You can log in in GUI and follow the path: Administration > Admin Settings > Port Settings for Admin Console.

            Select as: Use a different Hostname and enter the correct Hostname. 

            What is DNS server Ip address you assigning to the Guest users? Is it ISP or Local DNS server IP address? Is the same DNS configured in the Firewall and resolving the hostname with the correct Ip address of the Sophos Interface IP?

            If you are not sure then share your DNS IP address,  Nslookup process, Guest user's IP address (NIC card screenshot) and Sophos configuration as well. We will review and confirm to you.

            Regards,

            Deepak Kumar

            Sophos Architect | NSE 4 | CCNP | CISE 

            • 0 in reply to Deepak Verma

              Hello Deepak,

              lt me answer your questions:

              I did select a hostname that is resolvable by our internal dns servers:

              1st and 2nd DNS-Servers are internal (DCs)

              The 3rd DNS-Server is from our ISP.

              They are static.

              **

              The DNS-Servers for the guests (WLAN) are both external (ISP).

              So, it´s not the same configuration.

              The guest users get an ip address from the range 10.0.255.0/24, the gw is 10.0.255.1

              Our internal network is 192.168.0.0/22

              I hope that helps. If you need anything more, i´ll provide.

              • +1 in reply to Simon-Timothy Folaji

                Hi,

                Make below changes as:

                Guest User's Primary DNS server: 10.0.255.1 (DNS must be allowed on the Guest Zone)

                Make some changes as below:

                1. Administration --> Admin Setting -->  Admin console and end-user interaction --> When redirecting users to the captive portal or other interactive pages:

                Use the firewall's configured hostname: XXXXXX.XXX.XXX
                 
                2. Also, Select the connect certificate.
                 
                Here, If you had assigned the hostname XXXXXX.XXX.XXX on your firewall then it will resolve with your LAN interface IP address only.
                 
                 
                 
                 

                 

                 

                Regards,

                Deepak Kumar

                Sophos Architect | NSE 4 | CCNP | CISE