Controllerless Networks

Hi Guys,

Have a query/question around the block all traffic feature of the VIA client. One of our customers requires this feature to be on and devices are to autoconnect to the VPN using VIA. Now when the block all traffic feature is enabled the VIA client cannot resolve the controller address in DNS. To get this working on private networks we have whitelisted RFC1918 addresses which allows the VIA client to resolve DNS locally and VPN to the controller.

Thinking about hotspot access, free wifi etc, I would expect to have to get to a splash page and fill in some details to gain access, a large number of these are public cloud hosted and we would have to identify the IP addresses of these and whitelist them including public DNS if used.

Is there some sort of captive portal detection and remediation that I am missing?, have read through documentation and doesn't appear to be any workaround for this. Why would you implement a block all traffic before VPN access when that would stop it from contacting the VPN due to no access to DNS or default gateway which we are seeing when this feature is enabled.

Thanks

Ben

Hi,

At this time, we do not have a feature to deal with Captive Portals.  For now, traffic to the following ip addresses should be automaticlaly whitelisted when the "block" feature is enabled:

Thanks Colin,

The exeprience we had with that was not the case and blocked all traffic. We had to whitelist the RFC1918 addresses for the VPN profile to allow the client to connect. We are running 7030 MC's AOS 6.5.4.3, VIA client 3.0.0.0 on Windows 10.

Is this Windows?   Please upgrade to the latest client and let us know if you have the same issues.