Hi All,
I've got an issue i'm trying to work around and i've hit a wall so i though i'd try the brains trust.
We have a client who wishes to utlise Captive Portal authentication to allow users onto their "Guest" network. This captive portal uses an embedded credential to provide an " I Accept" style login to the controller. This all works ok.
The captive portal page is hosted on an external web server and the appropriate firewall pinhole in the captiveportal policy is done and working.
Once the user is authenticated, they are allowed to directly connect to local resources (i.e. public "walled garden" style setup) but if they want to access the internet they need to utlise a proxy server with authentication.
For most clients this works ok as the wpad / pac file discovery is permitted by the ACL. Windows and Apple devices work fine.
The issue we have is Android. As we know Android doesn't support auto-discovery of pac file configuration very well if at all so the only option is to explicitly specify the proxy server address in the android network profile.
This works great AFTER we have authenticated.
If the user sets the proxy and then disconnects, when they reconnect, the browser get stuck in a loop and redirects into itself (CP Page > Proxy > CP Page > Proxy etc).
The proxy uses port 8080 and i'm using the defalt captiveportal policy which does DST-NAT traffic from 8080 to 8088 as per the user guide.
I'm thinking that this isn't working because we have an external CP page but not quite sure where to go from here.
Anybody able to offer any suggestions?
We're running 6.3.x and have PEF licence etc.
Scott