Deprecation of CGI-Based Guest Login Page Customization

Description

Support for customizing guest login pages using an external web server with the CGI mechanism has been deprecated. This functionality is no longer enhanced and has been removed starting with SonicOS 7.3.2 and SonicOS 8.2.0 and later releases.

Affected Products

  • SonicWall firewalls running SonicOS
  • Deployments using External Guest Authentication or Captive Portal Authentication with CGI-based customization

Affected Versions

  • SonicOS 7.3.2 and later
  • SonicOS 8.2.0 and later

Issue

Customers using an external web server with CGI scripts to customize guest login pages will experience authentication failures or broken guest workflows after upgrading to affected SonicOS versions.

Cause

The CGI-based guest login customization mechanism is deprecated and lacks long-term support. Deprecated functionality does not receive enhancements or security fixes.

Resolution

Customers must replace the deprecated CGI mechanisms with the supported API‑based authentication on both the External Guest Authentication portal and the Captive Portal authentication portal. This requires updating existing guest authentication workflows to use the supported REST APIs. Screenshots from SonicOS are provided below for reference to help identify the relevant configuration areas.

External Guest Authentication

The following CGI APIs have been deprecated:

  • externalGuestLogin.cgi (Login)
  • externalGuestLogoff.cgi (Logout)
  • createGuestAccount.cgi (Create Guest Account)
  • externalGuestUpdateSession.cgi (Update Guest Session)

Replacement API: lhmapi/externalGuest (REST API)

Captive Portal Authentication

The legacy auth.cgi mechanism is deprecated and will no longer be enhanced. 
Replacement API: POST /api/sonicos/auth using the authentication type "firewall supported."

Recommended Action

  1. Identify existing guest authentication configurations that rely on CGI mechanisms.
  2. Update external authentication workflows to use the supported REST APIs.
  3. Test the updated configuration in a non-production environment.
  4. Deploy the updated configuration to production.

Additional Information

  • Deprecated features do not receive enhancements or security fixes.
  • Continued use of deprecated functionality may result in compatibility issues in future releases.
  • Early migration is strongly recommended to avoid service disruption.

 

Related Articles

  • Support for Bearer Token Validation for Non GUI API Sessions
    Read More
  • Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall TZ series
    Read More
  • How to find out the CFS rating of a website?
    Read More

Categories

Firewalls
NSa Series
Firewalls
TZ Series
not finding your answers?
Ask the Community
Chat