To activate the RADIUS service, go to Configure -> Authentication -> Servers -> ADD in the Sophos management panel. Enter the options as indicated in the screenshots.
Enter 188.8.131.52 in the Server IP section.
Enable the Enable accounting option.
Enter YeT2dXVs6D in the Shared secret section.
Enter obifi-radius in the Server name section.
Configure Authentication Methods
To use the RADIUS service for authentication, activate the obifi-radius option in the Configure -> Authentication -> Services -> Firewall authentication methods section.
Go to Configure -> Authentication -> Web Authentication and follow the steps below.
Edit the "Authorize unauthenticated users for web access" section as shown in the screenshot.
After configuring the "Captive portal behavior" section as shown in the screenshot, save it with the APPLY button.
In the "Captive portal appearance" section, select the Custom HTML option and replace it with a custom HTML template created for your Sophos device in the Obifi panel. Then, save it with the APPLY button.
Rule and Policy Definitions
To create the necessary rules for Obifi authentication, go to Protect -> Rules and policies -> Add Firewall rule and follow the steps below.
Give the rule a name and select Action as Accept.
In the Source zones section, select the zones where the rule will be applied.
From the Destination zones section, choose the appropriate zone and register the domains listed in the Destination networks section as FQDN hosts.
Click APPLY to save the rule.
Create a new rule to activate the Captive Portal for guest users based on the zone.
Activate the "Match known users" and "Use web authentication for unknown users" options, and select User or groups as Any.
Then, save this rule with the APPLY button.
**If you're encountering a DNS error during Captive Portal installation, you can resolve the issue by adding a rule that allows the DNS service.