Showing results for 
Search instead for 
Did you mean: 
Post a Question

Create a Captive Portal exception rule on SMB

Hey guys! A costumer wanted to configure a way to bypass captive portal authentication for a specific network on a locally managed 1400 appliance. I found sk117593, which suggests using hotspot.

So I disabled User Awareness and enabled hotspot for the networks that require authentication. I then set configure radius to use the Active Directory users. But this way all User Awareness features are lost!

Is there any other way to create an exception?

This feature is crucial, and we can actually lose customers because of this. I hope that development is working on this.

0 Kudos
3 Replies

Re: Create a Captive Portal exception rule on SMB

The SK was pretty clear this was the "workaround" to do it.

What specific "User Awareness" features did you lose here?

0 Kudos

Re: Create a Captive Portal exception rule on SMB

When disabling User Awareness it is not possible to enforce access to internal servers or to specific applications by user groups.

Also, logs will show the user only when you open them, which compromises visibility. But that's a minor issue.

I found a better workaround. Here is what I did instead:

  1. Enabled User Awareness and disabled hotspot.
  2. Enabled the option "Allow unregistered guests", on "Browser-based authentication" configuration window
  3. Configured a a rule from:guest_network to:internet action:accept
  4. Used AD user groups on every other rule.

Now, guest users on the guest network can click on "I don't have a username and password" and register to use the internet. It can be a fake name.

Users in the internal network will have to authenticate with a valid AD user to do anything.

It is not ideal, but it works.


Re: Create a Captive Portal exception rule on SMB

That definitely sounds like a better option.

0 Kudos