WiFi disconnects on Apple devices seconds after the connection

Description

The WiFi on Apple devices drops seconds after the connection: It only happens when a captive portal or web authentication is being used on the SonicWall to allow internet traffic.

Image

Cause

This issue is due to the Apple Captive Portal: everytime you connect to the WiFi, iOS will check the connectivity by querying via HTTP "captive.apple.com". If you have a rule blocking the Internet traffic until the successful authentication, this traffic won't get a response, so the WiFi will be disconnected.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.


This issue can be resolved by:

  • disabling the Captive Portal on the Apple devices.
  • creating an Access Rule on the SonicWall to allow with no authentication all the traffic to captive.apple.com

If you decide to create the access rule, please follow the steps below:

1. Create a FQDN Address Object for "captive.apple.com" from Object | Match Objects | Addresses

       Image


 2. Create an Access rule to allow all the traffic to the Address Object above, navigate to Policy | Rules and Policies | Access Rules

       Image


The situation will now be as below:

  • The first ACL will allow DNS traffic
  • The second ACL will allow traffic to captive.apple.com
  • The third ACL will trigger the authentication page 

      Image


Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


This issue can be resolved by:

  • disabling the Captive Portal on the Apple devices.
  • creating an Access Rule on the SonicWall to allow with no authentication all the traffic to captive.apple.com

If you decide to create the access rule, please follow the steps below:

1. Create a FQDN Address Object for "captive.apple.com" from Manage | Objects | Address Objects

       Image


2. Create an Access rule to allow all the traffic to the Address Object above, navigate to Manage | Rules | Access rules 

      Image


The situation will now be as below:

  • The first ACL will allow DNS traffic
  • The second ACL will allow traffic to captive.apple.com
  • The third ACL will trigger the authentication pageImage

      

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

This issue can be resolved by:

  • disabling the Captive Portal on the Apple devices.
  • creating an Access Rule on the SonicWall to allow with no authentication all the traffic to captive.apple.com

If you decide to create the access rule, please follow the steps below:

  1. Create a FQDN Address Object for "captive.apple.com" from Network | Address Objects
    Image
  2. Create an Access rule to allow all the traffic to the Address Object above:
    Image

The situation will now be as below:

  • The first ACL will allow DNS traffic
  • The second ACL will allow traffic to captive.apple.com
  • The third ACL will trigger the authentication page

Image

Related Articles

  • How to block ICMP (Ping ) using Application control
    Read More
  • SonicWall GEN8 TZ and NSa Firewalls FAQ
    Read More
  • How to configure Link Aggregation
    Read More

Categories

Firewalls
SonicWall NSA Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
TZ Series
Secure Wireless
SonicPoint Series
Secure Wireless
SonicWave 400 Series
not finding your answers?
Ask the Community