Professional Documents
Culture Documents
FW5530 19.0v1 Creating Hotspots On Sophos Firewall PDF
FW5530 19.0v1 Creating Hotspots On Sophos Firewall PDF
FW5530 19.0v1 Creating Hotspots On Sophos Firewall PDF
Firewall
Sophos Firewall
Version: 19.0v1
[Additional Information]
Sophos Firewall
FW5530: Creating Hotspots on Sophos Firewall
April 2022
Version: 19.0v1
© 2022 Sophos Limited. All rights reserved. No part of this document may be used or reproduced
in any form or by any means without the prior written consent of Sophos.
Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and
marks mentioned in this document may be the trademarks or registered trademarks of Sophos
Limited or their respective owners.
While reasonable care has been taken in the preparation of this document, Sophos makes no
warranties, conditions or representations (whether express or implied) as to its completeness or
accuracy. This document is subject to change at any time without notice.
Sophos Limited is a company registered in England number 2096520, whose registered office is at
The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP.
DURATION
8 minutes
In this chapter you will learn the three types of hotspot that you can create on Sophos Firewall.
Terms of acceptance
Voucher
Hotspots can be used to provide a number of functions depending on how it is configured. There
are three hotspot types:
• Terms of use acceptance, where users have to agree to a set of terms before getting access
through the hotspot
• Password of the day, a password needs to be provided by users and it is generated daily
• Voucher, each user has their own voucher for access that can be used to limit access time or
data allowance
Hotspots are accessed after the device is connected to the network and do not replace the security
mode selected for wireless networks. They are deployed to interfaces on the Sophos Firewall,
whether that is a physical port or a wireless interface from a separate zone. This means that
hotspots are not limited to being used with wireless networks or Sophos access points.
Users can only access the hotspot to authenticate, and resources defined in the walled garden
hotspot settings until they are authenticated. Once authenticated, network access is controlled by
firewall rules.
To configure a hotspot, start by selecting which interfaces it will apply to; this can be any interface
that is not in the WAN zone.
You can select policies to apply to the traffic coming from the hotspot. You will see where these
are used later.
Terms of acceptance
Password of the day
Voucher
When users access the hotspot using HTTP you can choose to redirect to HTTPS.
You need to select the hotspot type, each of which will have some associated configuration.
For voucher and password hotspots you need to select administrative users. These are users that
can manage the vouchers and password for the hotspot in the user portal. Note that these users
do not have to be administrators on the firewall.
If you are using a password of the day or voucher hotspot you can still enable a terms of use that
has to be accepted.
You can optionally redirect users to a specific URL after they have authenticated with the hotspot,
and you can customize the look of the hotspot.
When you save the hotspot, a firewall rule and linked NAT rule will be created. In the firewall rule,
the policies that you selected when creating the hotspot will be applied.
For voucher-based hotspots you can define different vouchers. All vouchers must have a validity
period but can also include time and data quotas.
Vouchers are created for hotspots in the user portal by the administrative users selected in the
hotspot configuration.
To generate vouchers, select the hotspot, the voucher definition, and the number of vouchers to
create. You can optionally choose to print the vouchers with a QR code, and this will generate a
PDF you can print.
Once vouchers have been created you can view and manage them at the bottom of the page.
Similarly, when using a password of the day, this can be managed through the user portal by the
selected administrative users. Here you can view the current password for a hotspot and generate
a new password.
Automatically delete
expired vouchers
Further down on the hotspot settings page you can configure a walled garden. This is the set of
resources that devices can access without authentication to the hotspot.
At the bottom of the page, you can download sign-in page templates and voucher templates and
change them to suit your branding and security requirements. For the voucher template we
support PDF version 1.5 and later.
There are three types of hotspot: terms of acceptance, voucher, and password of the
day. Terms can optionally be enabled for voucher and password hotspots
Voucher-based hotspots require voucher definitions that specify the validity period and
can optionally also have time and data quotas
Vouchers and passwords can be managed in the user portal by the administrative users
selected in the hotspot configuration
There are three types of hotspot: terms of acceptance, voucher, and password of the day. Terms
can optionally be enabled for voucher and password hotspots.
Voucher-based hotspots require voucher definitions that specify the validity period and can
optionally also have time and data quotas.
Vouchers and passwords can be managed in the user portal by the administrative users selected in
the hotspot configuration.