Users with the AnyConnect Secure Web Gateway (SWG) module may have trouble signing in at some public hotspot locations.
Ensure you are using AnyConnect version 4.10.04065 (4.10 MR4) or later.
Versions Prior to 4.10.04065
Support is limited for captive portals with earlier versions of AnyConnect when using SWG. The following actions of a captive portal will likely make it unreachable to a SWG client:
- Redirecting to, or loading of assets from, a destination outside of the RFC-1918 private IP address space.
- Accepting a TCP handshake for Umbrella proxies on port 80 or 443 and then closing the connection or providing an unexpected response.
As a workaround, add exceptions in the Domain Management section of the Umbrella Dashboard, via External Domains list, for any destination that fails to load. Captive portal behavior is implementation-specific, so the required domain(s) or IP addresses will vary with each hotspot.