Network Access Enforcement and Authpoint Logonapp
Hi!
Stumbled across a small problem and is wondering if there's some sort of configuration error or design flaw in our setup.
We have been using Authpoint Logon app for some time with our office as Safe Zone excluding that network from Authpoint prompts. Since a week ago I've been playing around with Network Access Enforcement on one of our SSID:s. We have EPDR on all our machines.
The problem/quirk:
When connected to the SSID with NAE activated (no rj45 to network), you're always prompted for Authpoint Login, since the NAE checking for EPDR needs to pull up a web browser to perform the check (from what I can tell the splashpage is the AP gateway performing the check). And when you're not logged in that doesn't happen, check fails. You get no internet, and Authpoint doesn't know where you are. Since you dont have a established internet connection you can't use push notification to your app and have to use OTP or scan QR code to logon. Not very user friendly applying NAE to your SSID:s in conjunction with Authpoint Logonapp.
After that the session is valid for 24h before next NAE check, which also is strange..
Is there a workaround to be able to smoothly use this security feature?
Thanks in advance for any clarification on the matter.
Comments
Hi @KAndersson
Under most circumstances, modern OSes (Windows 10/11, supported versions of OSX, most Linux distros, iOS, and Android) will do a network connectivity check when connecting to WiFi (with the purpose of seeing if there is a captive portal.) NAE has a few checks -- if it's lagging I would suggest opening a support case so that our team can look at your logs and see what it might be missing.
-James Carson
WatchGuard Customer Support
Hello @james.carson !
So to be clear, NAE should be able to perform it's epdr verification at MS Logon screen (win10/11 e.g) as in this case?
I will create a support ticket then.