Does anybody has such a use case where Packetfence is deployed inside and uses Web Authentication on Guest WiFi network which is positioned in dmz? Does anybody know how to solve problem of Captive Portal resolution in this case? Maybe in this case is best to introduce portal type of interface and permmit http and https in WLC ACL. But i am wondering how in this case you achieve accessing the Management and portal interface via same DNS A record (fqdn). As I know you cant have two different interface resolving to same fqdn. In fact you can but it will do round and robin which is not desired in this case. ---- On Sat, 06 Apr 2019 09:08:54 +0200 Kalcho <[email protected]> wrote ---- > Hello, > > To better explain my problem: I have three legged firewall (interval, DMZ > and internet legs). My Guest WiFi subnet is located in the DMZ. Packetfence > NAC is deployed in interval network. I have setup WiFi using RADIUS Web > Authentication with Packetfence as notes in the network Devices guide. Per > client access lists are used to during authentication to wifi, and then > authorize_any access list is used when user is authenticatio. To be able to > use portal in this Guest WiFi subnet I have taken one interface from > Packetfence and put it into this DMZ subnet. I am using public DNSes and > switch's dhcp for this Guest WiFi. The problema consists that client cannot > resolve the portal address in this subnet, as I am using the public DNS and > ofcourse I can not edit its record as the portal is interval to my network > and not accessible outside. To be more complicated I have portal also on > registration network which is used internally for MAB on internal LAN > networks for client not having suplicant software. Is it possible some way > to accomplish to resolve my portal fqdn in this setup? Or if I need to > change design please propose some solution how I can accomplish this? It is > not problem to use other DNS as long as they can resolve to internet (like > pfdns) or another dhcp. Only thing which can not be moved is packetfence > server from internal network due to strict company policy as it is also used > as internal NAC. > _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Guest WiFi Web Portal DNS issues
Kalcho via PacketFence-users Wed, 10 Apr 2019 23:31:11 -0700
- [PacketFence-users] Guest WiFi Web Portal DNS... Kalcho via PacketFence-users
- Re: [PacketFence-users] Guest WiFi Web P... Kalcho via PacketFence-users
