Options

Users connecting to hotspot

Mike_MMike_M
in WiFi - Firebox Managed

We have a number of guest users running off the wireless gateway hotspot (with users codes) which are having issues connecting. They get an IP address handed out but the web page doesn't pop up where they can accept our user conditions and put in their user code.

A PC users (Windows 10) gets "bad gateway" and a number of apple iphone and laptop users cannot connect due to untrusted certificates or warnings about connecting.

Have logged a call with support but thought I'd check if anyone else has had the issue. (running 12.10 fireware OS)

Answers

  • Options
    Mike_MMike_M

    Installing the web ca on one of the affected laptops doesn't work - and yet other laptop connected straight away & bought up the firebox web page to accept terms & conditions and put the user code in

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Mike_M

    If the user tries to go to an HTTPS page, and the captive portal tries to redirect, they may get a cert error due to a cert/name mismatch, especially if the website is using HSTS.

    The captive portal that the wifi 5 and 6 APs support works much better for this, as it redirect the user to a domain via WiFi Cloud, and WatchGuard Cloud respectively. If you're using WatchGuard APs, I would suggest looking into that feature vice the hotspot feature on the firewall itself.

    -James Carson
    WatchGuard Customer Support

  • Options
    NZReedyNZReedy

    Adding to the converstaion the welcome message is point to an http page not https : http://xxx.xxx.x:4106/hotspot/Hotspot/index.shtml

  • Options
    NZReedyNZReedy

    We are also using a Watchgaurd wireless gateway not cloud

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @NZReedy
    The hotspot page is HTTP, but the firewall injects a redirect into the page the user is trying to go to in order to get them there. If the site is HSTS, this will generally fail, as the response is not actually from that site.

    In 2023, there's roughly a 99% chance that it'll be HTTPS.

    If going to a site like neverssl.com

    Gateway Wireless Controller doesn't include a hotspot feature - that's part of the firewall's hotspot system under Authentication. The firewall treats the interface the APs are plugged into like any other interface (you can plug a PC into that VLAN and it'll work just like they were on the wireless.)

    -James Carson
    WatchGuard Customer Support

Sign In to comment.