Why is SonicWall Captive Portal showing an HSTS error while accessing websites?

Description


Some websites, such as Google and Facebook, have started using a security feature called HSTS (HTTP Strict Transport Security). This feature forces the browser to connect to the website securely using HTTPS.

On SonicWall, the Captive Portal is used for User Level Authentication (ULA) to provide controlled Internet access and Guest Services for wired and wireless connections. Typically, when users try to access a secure website (HTTPS URL), the firewall redirects them to a login page where they must authenticate to proceed.

However, with HSTS, browsers (currently Google Chrome and Microsoft Edge, though this might change in the future) now insist on connecting securely. This conflicts with the captive portal’s redirection process, preventing users from reaching the login page and blocking Internet access.

As an example, refer to the below screenshot:

Image

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from SonicOS 6.5 and earlier firmware. The resolution below is for customers using SonicOS 7.X firmware.

To fix the issue caused by HSTS, you can bypass the automatic redirection to HTTPS and access the SonicWall login page directly. Here’s how:

  1. Open your browser, type the IP address of the captive portal or SonicWall login page in the address bar, and log in using your user credentials. In the screenshot below, I have used https://192.168.168.168 as an example.

    Image

  2. You will be redirected to a confirmation page. Click Continue, and you will be authenticated successfully.

    Image

  3. After the successful authentication, you will be able to access HSTS-based websites.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.

To fix the issue caused by HSTS, you can bypass the automatic redirection to HTTPS and access the SonicWall login page directly. Here’s how:

  1. Open your browser, type the IP address of the captive portal or SonicWall login page in the address bar, and log in using your user credentials. In the screenshot below, I have used https://192.168.168.168 as an example.

    Image

  2. A user status pop-up window will open and you will be authenticated successfully.

    Image

  3. After the successful authentication, you will be able to access HSTS-based websites as well.
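
Why the redirect fails for HSTS sites while the direct-IP login in the steps above works can be modelled in a few lines. This is an added example, not SonicWall code: it assumes a browser that follows RFC 6797 (no HSTS policy is stored for or applied to an IP-address host, and certificate errors on an HSTS host cannot be clicked through) and a portal certificate that does not match the intercepted site's name. The names HstsStore and browser_outcome and the host hsts-site.example are constructed for illustration.

```python
import ipaddress

def is_ip_literal(host):
    """True for IPv4/IPv6 literals, which RFC 6797 excludes from HSTS."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def parse_hsts(header):
    """Return (max_age, include_subdomains) from a Strict-Transport-Security value."""
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = (part.strip() for part in directive.partition("="))
        if name.lower() == "max-age" and value.strip('"').isdecimal():
            max_age = int(value.strip('"'))
        elif name.lower() == "includesubdomains":
            include_sub = True
    return max_age, include_sub

class HstsStore:
    # Hypothetical, simplified browser HSTS store; expiry timing is not modelled.
    def __init__(self):
        self.hosts = {}  # host name -> includeSubDomains flag
    def note(self, host, header):
        max_age, include_sub = parse_hsts(header)
        if is_ip_literal(host) or max_age is None:
            return  # IP literal or invalid header: nothing is stored
        if max_age == 0:
            self.hosts.pop(host.lower(), None)  # max-age=0 removes the policy
        else:
            self.hosts[host.lower()] = include_sub
    def applies(self, host):
        if is_ip_literal(host):
            return False  # e.g. https://192.168.168.168 is never an HSTS host
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            flag = self.hosts.get(".".join(labels[i:]))
            if flag is not None and (i == 0 or flag):
                return True  # exact match, or a parent with includeSubDomains
        return False

def browser_outcome(store, host, cert_valid_for_host):
    """Outcome of an HTTPS request for `host`, as the modelled browser decides it."""
    if cert_valid_for_host:
        return "page loads"
    if store.applies(host):
        return "hard error, no click-through"
    return "certificate warning, user can proceed"
```

An intercepted request for an HSTS host ends in the hard error, while the portal's own IP address yields at most a warning the user can accept, which is why logging in at the IP address first restores access.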
