Captive Portal: Configuring Google Authentication in NG Firewall
Overview
When using Google Authentication with Captive Portal, NG Firewall must be configured to process HTTPS traffic through the SSL Inspector app. Without this, authentication attempts through Google will fail.
This configuration is necessary even when allowing HTTP-only Captive Portal redirects.
Setting up SSL Inspector
Installing the SSL Inspector app
If you are not already using SSL Inspector, it may not be installed. To install it:
- Go to Apps in the navigation bar at the top of the screen
- Click Install Apps in the upper-left-hand corner
- Click on SSL Inspector to install it
Enabling SSL Inspector
- Click on the SSL Inspector app
- In the Status tab, click the toggle labelled SSL Inspector is disabled. The toggle indicator will turn green and the text will change to SSL Inspector is enabled:
What if I don't want to use SSL Inspector?
NG Firewall must be inspecting HTTPS traffic in order for Google Authentication to succeed. However, if you don't wish for SSL Inspector to scan specific sites (and potentially cause issues with those sites), you can configure it to ignore all traffic.
In the Rules tab, locate the "Ignore other traffic" rule, which usually appears at the very end of the list. In a default installation, it should be rule #17. Click-and-drag the cross icon at the extreme left-hand side of that rule and drag it to the top of the list, into position #1. Click Save to commit your change.
⚠️ Don't disable HTTPS processing!
The configuration detailed above is the only way to stop SSL Inspector from acting upon your traffic, in this case. In the Configuration tab, you'll find an option to disable the processing of HTTPS traffic: do not use this option as it will not resolve the issue with Google Authentication.
Follow
Comments
0 comments
Please sign in to leave a comment.