Captive Portal FQDN Support
Instead of using the IP address to display the Captive Portal, an FQDN should be used. This will avoid certificate errors when HTTPS redirection is enabled.
Version 17.1 has now been released. Once you have updated to v17.1, you can switch to using the device hostname for the Captive Portal and other end-user interactions as follows:
1) Log in to the Firewall console over ssh
2) Select option 4 (Device Console)
3) Enter the following command at the prompt:
set http_proxy proxy_url_use_hostname on
4) To confirm that it has been set, enter the following command:
5) Type ‘exit’ to return to the menu and log out.
We are still planning to further improve this in v17.2 with a setting in the UI and more flexibility about the hostname to use.
For more information about v17.1 and how to get it, read the release announcement here: https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-17-1-0-ga-released
Gary Morrison commented
It doesn't look like this corrects the SPX Registration URL either. The one used in the variable %REG_LINK%.
Agree Filippo. And yet quarantine digest is still bound to an IP address... as if users would use it only from one zone.... Please be serious
Michael Dunn commented
Here is our KB article about the feature:
To select the certificate to use, go to Administration > Admin Settings > Port Settings for Admin Console.
Ulf Kettner commented
Yes, why does it use the appliance cert? This is another sophos-kinda-half-done solution. Please stop wasting time with buzzword invention and finish the already implemented parts. Those are the parts your customers already paid for.
Well getting the FQDN in the URL is a big improvement.
Just a pity it uses the ApplianceCertificate, rather than the certificate specified for My Account, Captive Portal, SPX Registration Portal & Reply Portal.
Maybe these requests could be actioned sooner, rather than implementing features none of your customers have actually asked for.
Pepijn Deneut commented
I changed this, but I am still seeing the IP instead of the FQDN in the quarantine digest. Do you need to reboot the firewall?
And yet quarantine digest is still bound to an IP address... as if users would use it only from one zone.... Please be serious
hmm.... are you serious... and what about the quarantine report, there is still an ip address instead of a useful hostname link....
.... pulling myself together to remain friendly.....
Eric V commented
Does the 17.1 beta include this feature?
any updates please?
using FQDN instead of IP:8090
israel novelo commented
When?? When will this be available??
Can you please hurry this along. Chrome and Firefox are clamping down even more on self-signed certificates and most users do not know how to circumvent the blocks. This should have been part of the firewall from the start. This is a priority feature. It is making me regret our purchase, that and the harassment from our users.
After 2 years of waiting for it, we have good news
Please, please, please. I can't switch clients to the XG until this is resolved.
Good lord, please fix this.
Please add this capability. Doesn't make sense to use HTTPS and get an "invalid certificate" because it is redirected to the IP address.
Running SFOS 17.0.6 MR-6
israel novelo commented
This is urgent, when will it be ready?
What is meant by "near future"? Please be more specific.
Two years later, SFOS 17.0.5 and such a basic thing is still not possible. Un-freaking-believable...