I have noticed that Sophos 16 seems to have a problem with the way it’s captive portal works. If enabled (firewall policy set to drop), it seems to generate excessive amounts of traffic over my links to the remote branches.
As an interim solution, I have done the following
- Creating an external ‘landing page’ and a firewall policy matching unauthenticated traffic destined to it with the action set to DROP. (Displays the portal)
- Set the action on all other unauthenticated traffic to REJECT, thus eliminating the excessive traffic
Curious if anyone else has encountered this problem. If so, hit me up on mail or in the comments. This issue could likely affect previous versions as well.