Hey volks,
We have a ZD 1200 with latest Firmware. We want to have them on a WAN endpoint inside a DMZ network. In this DMZ network is a Webserver as captive Portal. Our Accesspoints should be somewhere outside this network - they're connected over their own WAN links.
In our Testlab we did:
- Having a DMZ network (192.168.110.0/24)
- Having a ZD1200 -> 192.168.110.200
- Having a Webserver for CP -> 192.168.110.10
- Having a static WAN IP 80.x.x.x with a static a record (zonedirector.company.de)
- having NAT rules to forward 443,12222,12223,21,pasv ftp incoming on WAN to ZD (192.168.110.200)
On the AP side we have:
- R500 with latest firmware (provided by ZD1200
- DynDNS (static ip is also available)
- Network 192.168.30.0/24
What is working?
- AP can reach ZD
- AP can join ZD
- ZD can manage (update, push profiles etc.)
- ZD Profile "Standard" without Authentication is working, a Tablet on AP-side is connecting to the AP and can surf, the Tablet is shown in ZD
issue:
- when trying to use a hotspot profile i can join the network, getting a IP from DHCP of AP-Side (192.168.30.111 as example) and then the redirect page comes up and try to bring me to the CP Page... this takes a long time and then i get a timeout that 192.168.110.200 isn't reachable (what is clear to me as the AP cannot connect to the DMZ area
The question is - how can i tell the ZD (or AP?) that he has to try the public ip of the ZD instead of the internal?
BR
Matthias
P.S. The goal is to have AP's without VPN connection that are managed by the ZD. We just want to have the ability to publish open SSID's where the terms of use must be accepted and after logged in we want to show our landing page first .... thats all
Any other ways to reach this goal are welcome
