Improve the Captive Portal Experience for Windows Roaming Client
under review ( scoping )
Graham, Joe
We are currently rolling out the Windows Roaming Client to 6000+ highly mobile employees. They travel all over the world and not just the U.S. Having something automated and happens in the background would be ideal. A tool in the portal to somehow identify these or a RC that just can handle Captive Portals all togehter. Or at the very least, the Windows RC needs the same ability as the MAC OS RC. just right-click and choose Access Captive Portal. having to manually maintan a list is not a way an admin wants to go about this.
Nick Saunders
Merged in a post:
Captive Portal / Traveling Exemption
Jim Luttinen
We have several clients who travel quite a bit and captive portals have been the bane of our existence. Administrators should be able to place a device into "travel mode" or some type of "learning mode" to pull captive portals into a database so we do not have to add these to each site. The roaming client is useless if they can't roam with it.
Nick Saunders
under review ( scoping )
We've released macOS RC 1.8.2 with improved support for Captive Portals - I've updated this topic to only concern the Windows RC.
We're interested to hear from voters that have experienced captive portal issues on Windows with our recent releases.
E
Hi Nick Saunders, our company is having captive portal issues on the latest windows agent 1.12.0.0
Problem occur on Offices, Hotels, Airports, Coffee shops,etc.
Coworking places such as Peerspace offices.
Airports, which include Pittsburgh/Midway/Nashville and St Louis.
This is very problematic for our Sales teams.
Let me know if you have any questions or workarounds.
E
Nick Saunders btw, this is after applying your whitelist mitigation https://help.dnsfilter.com/hc/en-us/articles/13124351011731-Captive-Portal-and-Roaming-Clients
Nick Saunders
E I understand the pain — just to clarify, had the RCs been online and active prior to you adding the captive domains to your local domains list? They need to be synced over successfully before attempting to connect to the captive portal network. If it happens again, can you have one of the users run the diagnostic tool to capture logs? These can help us with improving support.
E
Nick Saunders Some of the issues were experienced before the mitigation and some after. For the ones after, the mitigation had been implemented about a week or two before they reexperienced the issues when travelling, so it would be safe to assume that the RC client was online and active before connecting to the captive networks. It's not easy to get logs while an event like this is occurring, but we'll try to get them. Do you have plans for a patch on windows?
Nick Saunders
E Yes we do plan to address this on the Windows side, discussion is more about priority and timing. Generally speaking we've heard much fewer issues with the current handling of CP versus our macOS version. We also plan to consider more configuration for failover scenarios that would cover captive portal scenarios, in addition to others.
Sean Ardizzone
Nick Saunders My clients (and my own devices) are windows and I have had to tell the admins to disable the client if they have a user traveling. This literally defeats the point of a "roaming" client if the users can't be protected when they join a captive portal. Thanks for working on this!
E
Nick Saunders I wanted to follow up and convey our concerns regarding DNSFilter's handling of the captive portal problems on Windows.
Our company is now fully remote, with our team members traveling or working from various locations. This issue is impacting our productivity and security posture. We have continued seeing the issue despite following your recommendations.
The lack of a timely resolution to this known issue is worrying given how widespread and common it is.
We expect a concrete timeline for addressing this issue on the Windows agent. We would prefer to maintain our partnership. However, we need to see a clear path forward to resolving this crippling issue.
Steve Staden
E: I'm sorry to hear about those issues. I'd like to follow-up with you directly to meet and discuss further with you. Please watch out for an email from me ([email protected]).
Steve Staden
in progress ( live <90 days )
Right now our focus on development is for macOS RC as we've seen most issues related to macOS.
Steve Staden
planned ( in queue )
Alex
We should also have an option, as the tenant admin, to have the client fail-open completely if it's unable to reach DNSFilter's servers and utilize whatever DNS is available via DHCP. I know this isn't ideal for all situations, but it completely resolves the captive portal issue.
Something where the roaming client fails-open upon a connection issue, then continually tries to regain connection, should be a good balance of ease of access and security.
Of course, this should be optional.
Evan Mandel
I would also like this feature..not sure if it should be a separate request?
Steve Staden
Evan Mandel: I do consider it separate and we're discussing a fail-open option that admins could configure. I believe this request is for that - https://dnsfilter.canny.io/known-issues/p/roaming-client-failover. I think I'll should adjust the title just to it's more clear.
Justin Esgar
I don't want just a list, I want the system to be able to detect and allow it automatically. The amount of tickets we are seeing from clients recently is on the rise. Sending clients to captive.apple.com has stopped working also. There needs to be a holistic fix to this issue.
Steve Staden
up next2
All, I've merged and updated the description. We want to improve the overall experience when using a "captive portal", meaning when you are presented with an acceptance page on a hotel, airline, restaurant wifi network.
Preston
I think the client needs to be able to determine if a captive portal is present, and then divert to local DNS or provide some sort of way to passthrough the queries.
A master list of captive portals will always be one step behind as there is no way to ever know every single CP address that exists.
Steve Staden
under review ( scoping )
We're investigating ways to improve this experience.
Load More
→