03-20-2010 02:54 PM
03-20-2010 05:50 PM
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
03-23-2010 12:30 PM
The capitve portal users only had access to external dns, there for would use the firewall server that was also acting as a nat device for (ext->int) services.
This is called 'hair pinning ' where the client had to be redirected from the firewall's internal interface back into the internal network.
We were using a cisco asa firewall device. The problem was fixed using rules that would allow for the above. But every service needed a complement rule. We finally
changed our captive portal to a different dmz (ext ip).
03-25-2010 10:40 AM
- Guest-Logon-Access (access list for what services are allowed before login)
- Guest-Access (access list for what services are allowed after login)
- Block Internal Networks (internal network list)
- DMZ (our dmz server list)