What does the firewall log as

johngreen76 · ‎03-09-2016

I am experiencing the problem listed below only with IOS devices when the WLC interface is routed through a firewall. If traffic is bypassed the firewall the IOS device connects instantly. I have tried testing with Fortigate, pfSense, and untangle firewalls and all exhibit the same issue.

Does anyone have some experience with this issue? Android, PC, and Macbook devices connect without problems. I have tried different WLC firmware ranging from 7.4 - 8.1 and nothing changes.

CSCur63456

Description

Symptom:
iOS apple device doing webauth auth may take up to 30 seconds to move to the "Done" status after submitting the form
it shows the working/waiting status, then moves to pass traffic

this is triggered by a timing issue between the captive portal code in the IOS device , plust traffic drops at FW due to lack of TCP state

Conditions:

-Webauth
-Captive portal detection disabled
-FW that will drop unexpected traffic, instead of sending TCP RST

Workaround:

Several possibilities
1. Allow stateless traffic form clients or configure FW to reset it
2. use captive portal detection

Philip D'Ath · ‎03-10-2016

What does the firewall log as going wrong when this happens?

johngreen76 · ‎03-10-2016

It shows traffic to various apple domains, and some TCP re transmissions. I am assuming this is an issue within IOS since every other device can associate and authenticate properly.

Philip D'Ath · ‎03-10-2016

I know its painful. Every now and again Apple change it and break it again.

Delay on Apple IOS devices to show connection