Sophos SecurityTech

SFOS – Captive Portal causing excess traffic over WAN

I have noticed that Sophos 16 seems to have a problem with the way its captive portal works. If enabled (firewall policy set to drop), it seems to generate excessive amounts of traffic over my links to the remote branches.

Screenshot below shows the traffic when captive portal is enabled, and you can see the massive drop after disabling it. (The blue line reflects the traffic being sent TO the branches, over the WAN)
[Screenshot: ltz-bandwidth-improvement]

As an interim solution, I have done the following:

  1. Created an external ‘landing page’ and a firewall policy matching unauthenticated traffic destined to it with the action set to DROP. (Displays the portal)
  2. Set the action on all other unauthenticated traffic to REJECT, thus eliminating the excessive traffic

Curious if anyone else has encountered this problem. If so, hit me up on mail or in the comments. This issue could likely affect previous versions as well.
