Web authentication and SSL problem (HSTS)

LALU
LALU Posts: 7  Freshman Member
edited April 2021 in Security
Hi, I have configured a USG 1900 with web authentication.
Clients connected to the hotspot are prompted with the following message when they want to visit an HTTPS website, and it is not possible to continue browsing.

Instead, when clients enter an HTTP site, they are correctly redirected to the USG authentication page.

Firmware: V 4.33 (AAPL0) 2019-01-09

Message in Firefox

Message on Chrome

I tried changing the Logout IP under Web Portal General Setting from 1.1.1.1 to 10.1.1.1, and the message for HTTPS requests changed: now I can proceed by pressing the "Open Network Login Page" button.
Obviously it is not a solution and cannot remain that way.


Is it a known bug?
Is Zyxel already working on it?
Is there a workaround?

Thank you
Regards
Luca

All Replies

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    @LALU
    Regarding this case,
    you need to import the certificate (exported from the USG) to the PC and browser.
    After that, clear the browser cache and check it again.
    The attached document is for your reference.
    Charlie
  • LALU
    LALU Posts: 7  Freshman Member
    @Zyxel_Charlie
    Thank you, but it is not a solution.

    This gateway manages access to a public Wi-Fi network with about 1000-1500 registered users; I cannot go through every customer device to configure the certificate.
    The curious thing is that the UAG 5100 does not have this problem.

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    @LALU
    Regarding this case,
    if you enable SSL Inspection, you need to import the USG certificate to the PC, since each device that supports SSL inspection needs to do the same to avoid this behavior.

    However, if you do not enable SSL Inspection and the issue still occurs, can you go to WWW> and disable Redirect HTTP to HTTPS (since the function is disabled by default on the UAG5100)?

    Charlie
  • dpipro
    dpipro Posts: 69  ZCNE Certified
    Hello Charlie,

    I have the same issue with a ZUSG40W. I followed all the instructions and the configuration works only for Android devices. Windows, macOS and iPhone devices can't get the User Agreement screen and can't access the internet. We got a Bad Request screen:


    Any ideas?

    ZyWALL USG40W
    F/W Rev 4.33(AALB.0)

    Thank you.

    Best regards,
    Fernando
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee

    Hi @dpipro

    Usually, the client will be redirected to the login page automatically when connecting to WiFi.

    Can you make sure the “Force User Authentication” function is enabled in Webauth first?


    If the authentication page does not pop up on your phone, you can try to access an HTTP website to verify it.

    e.g. http://www.yahoo.jp

    Then it should be able to redirect you to the login page.
