WiFi disconnects on Apple devices seconds after the connection

05/25/2023 68 People found this article helpful 485,628 Views

Description

The WiFi on Apple devices drops seconds after the connection: It only happens when a captive portal or web authentication is being used on the SonicWall to allow internet traffic.

Cause

This issue is due to the Apple Captive Portal: everytime you connect to the WiFi, iOS will check the connectivity by querying via HTTP "captive.apple.com". If you have a rule blocking the Internet traffic until the successful authentication, this traffic won't get a response, so the WiFi will be disconnected.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

This issue can be resolved by:

disabling the Captive Portal on the Apple devices.
creating an Access Rule on the SonicWall to allow with no authentication all the traffic to captive.apple.com

If you decide to create the access rule, please follow the steps below:

1. Create a FQDN Address Object for "captive.apple.com" from Object | Match Objects | Addresses

2. Create an Access rule to allow all the traffic to the Address Object above, navigate to Policy | Rules and Policies | Access Rules

The situation will now be as below:

The first ACL will allow DNS traffic
The second ACL will allow traffic to captive.apple.com
The third ACL will trigger the authentication page

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

This issue can be resolved by:

disabling the Captive Portal on the Apple devices.
creating an Access Rule on the SonicWall to allow with no authentication all the traffic to captive.apple.com

If you decide to create the access rule, please follow the steps below:

1. Create a FQDN Address Object for "captive.apple.com" from Manage | Objects | Address Objects

2. Create an Access rule to allow all the traffic to the Address Object above, navigate to Manage | Rules | Access rules

The situation will now be as below:

The first ACL will allow DNS traffic
The second ACL will allow traffic to captive.apple.com
The third ACL will trigger the authentication page

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

This issue can be resolved by:

disabling the Captive Portal on the Apple devices.
creating an Access Rule on the SonicWall to allow with no authentication all the traffic to captive.apple.com

If you decide to create the access rule, please follow the steps below:

Create a FQDN Address Object for "captive.apple.com" from Network | Address Objects
Create an Access rule to allow all the traffic to the Address Object above: