Problem
Users with the AnyConnect Secure Web Gateway (SWG) module may have trouble signing in at some public hotspot locations.
Solution
Ensure you are using AnyConnect version 4.10.04065 (4.10 MR4) or later.
If you encounter issues with a captive portal with a current version of AnyConnect, please contact our Support team to provide packet capture, debug logging information, and details of the configuration.
Details
This can be caused by CSCvz37687 "Unable to connect to hotspots via captive portal with AnyConnect SWG Module enabled". After upgrading to AnyConnect 4.10.04065 or later, no additional configuration or user interaction is necessary.
Some wireless hotspots and other guest networks interrupt Internet access and redirect web traffic to a captive portal (sometimes called a walled garden). AnyConnect SWG versions prior to 4.10.04065 may attempt to send this web traffic to the Umbrella cloud even if Internet access is unavailable, which prevents the system from locally interacting with the captive portal. This local interaction may be required to grant access through authentication, payment, or a click-through agreement page.
Versions Prior to 4.10.04065
Support is limited for captive portals with earlier versions of AnyConnect when using SWG. The following actions of a captive portal will likely make it unreachable to a SWG client:
- Redirecting to, or loading of assets from, a destination outside of the RFC-1918 private IP address space.
- Accepting a TCP handshake for Umbrella proxies on port 80 or 443 and then closing the connection or providing an unexpected response.
As a workaround, add exceptions in the Domain Management section of the Umbrella Dashboard, via External Domains list, for any destination that fails to load. Captive portal behavior is implementation-specific, so the required domain(s) or IP addresses will vary with each hotspot.
Comments
0 comments
Article is closed for comments.