Netgate Discussion Forum

    Pfsense without NAT

    • insurin

      pfsense 2.3.2
      Squid Transparent
      Captive Portal via Windows AD RADIUS

      Issue is not being able to log BYOD Internet activity by AD username on Sonicwall/Analyzer.

      I have a Dell Sonicwall that I use for my Internet filter and firewall. The Sonicwall can read who is logged in via Active Directory username if users are logged into the domain.

      For my BYOD, I use pfsense Captive Portal. The problem is the Sonicwall only reads the WAN IP address for the logs of my BYOD users even though they are authenticating via Windows RADIUS. I assume because the network connections are NAT'ed this is the reason.

      To get round this I told my APs (Ubiquiti) to use RADIUS and take Pfsense out of the equation. I then set up RADIUS accounting and configured it on the Sonicwall. This would have worked, apart from my APs don't utilize the 'Framed IP Address' attribute, which is a bummer considering I have 46 of these APs.

      So for the time being, I have my BYOD users logging into the WiFi via 802.1X (RADIUS) with their AD credentials; they then hit the Captive Portal of the Sonicwall and log in via web authentication rather than single sign-on.

      Enough waffle

      Is there a way of the Sonicwall seeing the BYOD users if Pfsense was set up without NAT, so it could log Internet usage by username and not the WAN address of Pfsense? I find the Pfsense Captive Portal a much cleaner system than using RADIUS.

      • Guest

        I find the Pfsense Captive Portal a much cleaner system than using RADIUS.

        • MS Windows server with RADIUS server role with certificates for wireless clients (company, internal)
        • MS Windows server with LDAP server role for wired clients (company, internal)
        • pfSense Captive Portal for wireless clients (guests, external)
        • pfSense Squid & SquidGuard & SARG to log all their activities
        • insurin

          Is this possible or am I talking broken biscuits?

          For my domain users I push out a certificate from the Sonicwall to all domain computers via GPO so I can utilize DPI-SSL. Could I use this certificate on Pfsense Captive Portal so BYOD users have to accept it when they are presented with the CP? This way I could then capture SSL traffic.
