Hi,
My infrastructure consists of aruba 315 access points and we have a guest network with authentication.
We have a dedicated vlan for this network and the rules created block access to all private networks.
We found that when we are connected to the guest network prior to authentication, we have access to public ips from the command line, but when we go through the browser it doesn't work as expected.
Is there any configuration we can do to block all access until authentication is done on the authentication page?
##########################################################
Scanning www.google.com (172.217.17.4) [4 ports]
Completed Ping Scan at 10:33, 2.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:33
Completed Parallel DNS resolution of 1 host. at 10:33, 5.54s elapsed
Initiating SYN Stealth Scan at 10:33
Nmap scan report for www.google.com (172.217.17.4)
Host is up (0.0032s latency).
rDNS record for 172.217.17.4: mad07s09-in-f4.1e100.net
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http mini_httpd
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: <empty>
|_http-title: Did not follow redirect to https://securelogin.hpe.com/swarm.cgi?opcode=cp_generate&orig_url=687474703a2f2f7777772e676f6f676c652e636f6d2f
443/tcp open ssl/https?
|_ssl-date: TLS randomness does not represent time
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|storage-misc
Running (JUST GUESSING): Crestron 2-Series (87%), HP embedded (85%)
OS CPE: cpe:/o:crestron:2_series cpe:/h:hp:p2000_g3
Aggressive OS guesses: Crestron XPanel control system (87%), HP P2000 G3 NAS device (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 12.225 days (since Sat Aug 31 05:10:34 2019)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 ...
2 2.00 ms mad07s09-in-f4.1e100.net (172.217.17.4)
NSE: Script Post-scanning.
Initiating NSE at 10:34
Completed NSE at 10:34, 0.00s elapsed
Initiating NSE at 10:34
Completed NSE at 10:34, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 40.88 seconds
Raw packets sent: 2096 (97.232KB) | Rcvd: 73 (3.977KB)