Hotspot "terms of service" customization
I serve a customer who uses XG firewalls in their chain of restaurants. They want to keep the customer hotspot sign-on process as clean and simple as possible. Vouchers etc. are a mission to manage - they just want to provide free Internet to their customers, limited by data or time.
My customer would like to their hotspot setup in such a way that when a user joins, they are presented with a branded captive portal with a splash page, with terms of service for the user to accept.
When the user accepts, they are granted Internet Access. The user then gets a predetermined data allocation (configurable by the firewall admin) and/or time allocation (configurable by the firewall admin)
When the time/data allocation runs out, you can only re-connect after a given period of time (configurable by the firewall admin). Typically this would be set to 24 hours as a default, but could be longer if desired.
I tried using Terms of Service to achieve the above - it works reasonably well, but the minimum time you can configure is 2 hours, and there is no data limitation functionality. It seems after the 2 hours is up, you get presented with the same login stash page again, and if you accept the terms you are back online.
Ran into this tonight. Took a generic, very basic ToU only to find that Sophos limits the text to 1,024 characters.
Even the most basic ToU I could find was around 4,000 characters.
This restriction is most peculiar, especially if you consider that Sophos' own Term of Use for their web site comes in at a whopping 21,022 characters.
Even the section "USER POSTINGS & UPLOADING CONTENT TO THE SITE; COMMUNITY STANDARDS" from Sophos' terms, which would be somewhat close to hotspot terms, is already 1,464 characters.
The problem stil persists in the actual version (SFOS 18.0.3 MR-3).
This can't be possible, why was this working in UTM 9 and with an new device it is no more.
Hey customer, you should update your hard- and software, but not to the new sophos devices because we don't support scrollable textboxes anymore.
COMMON SOPHOS hurry up to fix this small problems.
in Guest users Authentication settings Diclaimer length cannot exceed 500 Characters. Seriously Guys!!!. 500 Characters!!! I'm flabbergasted while setting up Guest access for our Corporate Network. Sophos Make it least 750 Words.
I agree with all the other commenters; I also believe we should have an option to have the authorization to last longer than 24 hours (I have use case where a week would be desirable). This should be fully customizable.
Armand Liebenberg commented
Great Idea, will come in handy
I need this feature too, struggling with similar shortfalls in functionality too.
Marvin Huffaker commented
This is a very basic TOS and it's way more than 1024. (Also there's another suggestion for the same thing, the title of this particular suggestion is very poor. Anyway, something like below is what I was trying to put in when I discovered the limitation and went WTF. There is not a legal disclaimer on earth that fits in 1024 characters. Also, if someone is trying to connect to my hotspot, and I have to link them to an external TOS, they can't actually get to it since they haven't accepted the terms yet. So it creates a catch 22.
WARNING: This free service is an open network provided for your convenience and its use is at your own risk. It is available to the general public at some City facilities, and is NOT INHERENTLY SECURE. The providers cannot and do not guarantee the privacy of your data and communication while using the service.
There are potentially serious security issues with any computer connected to the Internet without the appropriate protection, ranging from viruses, worms and other programs that can damage the user's computer, to attacks on the computer by unauthorized or unwanted third parties. By using this service, you acknowledge and knowingly accept the potentially serious risks of accessing the Internet over an unsecured network. It is recommended that users take steps to protect their own computer system, such as installing current anti-virus software and maintaining appropriate firewall protection. For further information on how to protect yourself on this open network, consult a security professional.
You acknowledge and agree that YOUR USE OF THIS SERVICE IS SOLELY AT YOUR OWN RISK.
By using the Service, you also agree to all terms set forth in the following Disclaimer.
Service provided "AS IS." This Service provides access to the Internet on an "as is" basis with all risks inherent in such access. The providers of the Service make no warranty that the Service or that any information, software, or other material accessible on the Service is free of viruses, worms, trojan horses or other harmful components. By connecting, the user acknowledges and accepts the risks associated with public access to the Internet and public use of an unsecured wireless network. No technical support will be provided to users of the Service.
Service provided "AS AVAILABLE." The Service is provided on an "as available" basis without warranties of any kind, either expressed or implied, that the Service will be unrestricted full internet access, uninterrupted or error-free, including but not limited to vagaries of weather, disruption of service, acts of God, warranties of title, noninfringement, NOR IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. No advice or information given by the providers, affiliates, or contractors of the service or their respective employees shall create such a warranty.
Indemnity. Under no circumstances shall the providers of the Service, or affiliates, agents, or contractors thereof, be liable for any direct, indirect, incidental, special, punitive or consequential damages that result in any way from user's use of or inability to use the Service or to access the Internet or any part thereof, or user's reliance on or use of information, services or merchandise provided on or through the Service, or that result from mistakes, omissions, interruptions, deletion of files, errors, defects, delays in operation, or transmission, or any failure of performance.
You agree to indemnify and hold harmless the providers of the Service, including affiliates, agents, and contractors thereof, from any claim, liability, loss, damage, cost, or expense (including without limitation reasonable attorney's fees) arising out of or related to your use of the Service, any materials downloaded or uploaded through the Service, any actions taken by you in connection with your use of the Service, any violation of any third party's rights or a violation of law or regulation, or any breach of this agreement.
Marvin Huffaker commented
I agree. I came here to make this same suggestion. a limit of 1024 characters does not give you enough text to create an adequate legal disclaimer for a public hot spot that needs to be provided as-is and the appropriate indemnity clauses and such. I would think it should be able to handle a couple pages of text just like any other Terms of Service legal agreement.
This character limitation has been around for a few years. Many complaints in the forums. Our TOS is nowhere near 1024 characters long! Please get this changed.
Mohammed Elglaind commented
also we must have the option to delete "Sophos Firewall" from the footer.
this information should be secret !
Nick Ross commented
It would be helpful to be able to have more flexibility here for a use case where a different team / individual deals with any wireless queries to the team that receive / manage notifications.
You really need to rename the title of this improvement idea to something more descriptive - i almost didnt bother clicking it in the list
Just remove the character limitation, I very much doubt plain text, unless someone pastes in a copy of everything in the library of congress, would become resource intensive or impact the performance of the device. It's a completely arbitrary and unnecessary restriction.
I agree the characters limitation should be more then 1024 character. 3000 characters would be great!
Brent Wesley commented
Hotspot service has a number of problems.
2. Live session usage for Hotpot. Currently when someone is logged on to a hotspot using a non Sophos access point there is not live user information and no way to terminate a session.