Some background: ZD1106 on firmware 188.8.131.52.14 - ZF7363 and ZF7372 APs. We are using a signed SSL cert from a CA (GoDaddy) and all intermediate certs are installed and devices do not give any certificate errors.

We did have this working "somewhat successfully" previously. However, we
want to use public DNS servers in our DHCP scope for Guest devices. When
guest devices connected to the Guest WLAN, the public DNS servers could
not resolve the local IP of the ZD and the redirect failed (obviously).
Manually entering the ZD private IP (instead of the FQDN) allowed
successful guest authentication.

We published a public IP address/DNS record for the ZD (although did not expose the ZD publicly) and then the guest client could resolve the public IP. We then
used our firewall/router to do an internal NAT rule to translate the
public IP to the private IP. However I could never get the guest devices
to communicate via the public IP (even though it was being NAT'd
internally), prior to authentication (ex: ping failed to public IP). If I
authenticated the device with a guest pass by using the private IP of
ZD, then pinging public IP was successful.

I then attempted to
use a hot spot service where I could specify the public IP in the walled
garden and I could communicate with the ZD prior to authentication (ex:
ping to public IP was successful), but the redirect would always land
on the ZD admin login no matter which address was specified for the
login page. I can manually navigate to the Onboarding portal page via
the FQDN, but obviously that didn't work because the Guest WLAN was
changed to Hot Spot service and guest passes could not be issued.

Changed the Guest WLAN back to a guest service and ping to public IP was
successful but redirect always lands on Admin login. If I manually
navigate to onboarding portal page and try to authenticate with a guest
pass I receive error "This is an invalid Guest Pass. Please try again".

In an attempt to start over, I deleted the hotspot service and guest
service from ZD and recreated only a new guest service and applied it to
my Guest WLAN. But it still lands on Admin login page and NOT the
onboarding portal, while still also pinging the public IP. If I
navigate to onboarding page manually and enter a newly created guest
pass I get the invalid guest pass error. What is going on?

The goal is to use the Onboarding portal for both Guest Access with guest
pass and BYOD device registration with ZeroIT. I want to use public DNS
servers on the DHCP scope of the Guest WLAN. Is there a way to
accomplish that? We do have active support and can engage them if necessary.