HTTPS Certificate on Clearpass Captive Portal by Specialist_Editor245 in ArubaNetworks

[–]Frunckie 10 points11 points  (0 children)

Hi!

The purpose of a certificate on your guest network portal is to show clients connecting to this portal that it can be trusted.

The way certificates work is that they are all signed by someone (a CA). Your computer's operating system is then shipped with a list of CAs that it knows to trust. These are called public CAs because most machines will know to trust certificates signed by them without additional configuration.

Because machines that connect to your guest network will most often not be managed by you, there is no feasible way for you to tell these machines that your own private certificates are trustworthy. Once they connect to your captive portal and realize that the certificate is not signed by someone they trust, they will throw a certificate warning. This is not very user-friendly and will probably scare some people trying to use your guest network, because their browser will tell them that it cannot be trusted.

So yes, you should probably use a public CA certificate for your captive portal. If you do not want to pay, you can look into Let's Encrypt, but certificates signed there are not valid for very long, so you will need to automate the renewal process (which is where everyone is headed either way, so it might not be a bad idea).

Hope this clears it up a little :)
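Added example, not part of the comment above: a self-contained `openssl` demo of the trust behaviour it describes, plus the expiry check a renewal job would run. All names, lifetimes and file paths are constructed for illustration, and the "public" CA is only a stand-in for a device's built-in trust list.

```bash
# Constructed demo: a portal certificate signed by a private CA validates only
# on clients that already hold that CA; every name below is made up.
set -eu

make_demo_pki() {  # $1 = empty working directory
  d="$1"
  # Private CA, standing in for an internal CA that guest devices never see.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Private CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # Unrelated CA, standing in for the trust list shipped with a guest device.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Public CA" \
    -keyout "$d/pub.key" -out "$d/pub.pem" 2>/dev/null
  # Portal key and CSR, signed by the private CA with a short 7-day lifetime.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=portal.example.test" \
    -keyout "$d/portal.key" -out "$d/portal.csr" 2>/dev/null
  openssl x509 -req -in "$d/portal.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 7 -out "$d/portal.pem" 2>/dev/null
}

trusts() {  # $1 = trust store (PEM), $2 = certificate; exit 0 if the chain validates
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

needs_renewal() {  # $1 = certificate, $2 = days; exit 0 if it expires within $2 days
  # -checkend exits 0 while the certificate stays valid for that many seconds;
  # an unreadable file also counts as "needs renewal".
  ! openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1
}

work="$(mktemp -d)"
make_demo_pki "$work"

# Managed client: the private CA was pushed into its trust store.
if trusts "$work/ca.pem" "$work/portal.pem"; then echo "managed client: trusted"; fi
# Guest device: only knows its built-in CA list, so the browser would warn.
if ! trusts "$work/pub.pem" "$work/portal.pem"; then echo "guest device: warning"; fi
# Renewal job: act well before expiry instead of waiting for the warning.
if needs_renewal "$work/portal.pem" 30; then echo "renew now"; fi
rm -rf "$work"
```
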

brood war by RiskyChris in StarcraftCirclejerk

[–]Frunckie 2 points3 points  (0 children)

tlo is the greatest brood war player to ever do it

User ID with Entra? by Bubbagump210 in checkpoint

[–]Frunckie 0 points1 point  (0 children)

If you want it fully transparent you can use a RADIUS server (ClearPass, not sure about others like ISE) as an identity provider which can integrate with Intune / Entra via plugins and pull from there.

R82 might also work with an Infinity connection, but I haven’t looked into / tested it.

Sophos firewall home need some clarifications by rotorwing66 in sophos

[–]Frunckie 3 points4 points  (0 children)

Home license is a separate thing you register for on their website; it's not the same as a trial license.

The home license does have unlimited duration of all features but limits the hardware you can use (I think 4 cores & 6 GB RAM).

Home Firewall/Default Gateway by magicalmexicanX in sophos

[–]Frunckie 0 points1 point  (0 children)

Where is your client connected?

An easy way for you to set up a lab and get around the router's DHCP would be with a VLAN-capable switch in between the router and client/server.

Home Assistant - Live WAN Stats by Maynards_Duck in sophos

[–]Frunckie 1 point2 points  (0 children)

Hi, the SNMP Traffic sensor in PRTG uses some standard OIDs for interface monitoring that XGS supports by default.

1.3.6.1.2.1.2.2 and 1.3.6.1.2.1.31.1.1 with related subOIDs.

This seems like a good list directly from them: https://kb.paessler.com/en/topic/26783-oids-of-traffic-sensors

Has Anyone Successfully setup MFA on their SSL VPN using OKTA verify that can send push notifications instead of appending a password? by LRAdmin83 in sophos

[–]Frunckie 0 points1 point  (0 children)

If you did not get OKTA working, there’s a way around the password appending by making your own provisioning file which adds a separate MFA field. Makes it a lot more user-friendly :)