Web authentication and SSL problem (HSTS)
Hi, i have configured a USG 1900 with web authentication.
Clients connected to hotspot be prompted with the following message when want to see a HTTPS website and it is not possible to continue browsing.
Instead, when the clients enter an HTTP site, he is correctly redirected to the USG authentication page.
Firmware: V 4.33 (AAPL0) 2019-01-09
Message in firefox
Message on Chrome
I tried to change the Logout IP under Web Portal General Setting from 1.1.1.1 to 10.1.1.1 and the message for HTTPS request change: now I can proceed pressing on the "Open Network Login Page" button.
Obviously it is not a solution and can not remain that way.
Clients connected to hotspot be prompted with the following message when want to see a HTTPS website and it is not possible to continue browsing.
Instead, when the clients enter an HTTP site, he is correctly redirected to the USG authentication page.
Firmware: V 4.33 (AAPL0) 2019-01-09
Message in firefox
Message on Chrome
I tried to change the Logout IP under Web Portal General Setting from 1.1.1.1 to 10.1.1.1 and the message for HTTPS request change: now I can proceed pressing on the "Open Network Login Page" button.
Obviously it is not a solution and can not remain that way.
Is it a known bug?
Is Zyxel already working on it?
Is there a workaround?
Thank you
Regards
Luca
Thank you
Regards
Luca
0
All Replies
-
@LALU
Regarding to this case,
You need to import the certificate (export from USG )to PC and browser.
After that clean the browser cache and check it again.
The attached document as your reference.
Charlie0 -
@Zyxel_Charlie
thank you, but is not a solution.
This gateway manages the access of a public Wi-Fi network with about 1000-1500 registered users, I can not pass every device of the customers to configure the certificate.
The curious thing is that with the UAG 5100 there is no this problem.
0 -
@LALU
Regarding to this case,
if you enable SSL Inspection, you need to import the certificate of USG to PC since each device which support SSL inspection need to do the same way to avoid this behavior.
However, if you do not enable SSL Inspection, and the issue still occur, can you go to WWW> to Disable Redirect HTTP to HTTPs (since the function on UAG5100 is disable by default )
Charlie0 -
Hello Charlie,
I have the same issue with a ZUSG40W. I follow all the instructions and the configuration works only for android devices. Windows, MAC OS and iPhone can't get the User Aggreement screen and can't access internet. We got a Bad request screen:
Any ideas?
ZyWALL USG40W
F/W Rev 4.33(AALB.0)
Thank you.
Best regards,
FernandoBest regards0 -
Hi @dpipro
In the usual, client will redirect to login page automatically when connecting to WiFi.
Can you make sure “Force User Authentication” function is enabled in Webauth first.
If authentication page not pop on your phone, you can try to access HTTP website to verify it.
e.g. http://www.yahoo.jp
Then it should able redirect login page to you.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight