1st time Config assistance

[JaxJoe]

I am trying to test this product for local office and am having "configuration issues".

Here is my basic setup:

Cisco Wireless AP on it's own guest segment (10.10.0.x /24)
Cisco ASA Router / firewall
2008 R2 server (10.10.0.254 - Wifi, 10.x.x.x - DMZ IP)


Installed FirstSpot with default settings on 2008 R2 server with beta 7.1

Disabled self sign-up
Created operator account to create "QuickAdd" accounts to be able to service people.
Default NAT options
Locked down all traffic until auth through a login


On the Cisco Wireless AP, added ip-helper to point to the 10.10.0.254 in order to get DHCP addresses without issue.

IPConfig shows 10.10.0.x ip on wireless device with dns / default route pointing to 10.10.0.254.

When I goto access any internet website, I just get the cannot display page and it does not resolve to the login page.

If this could be resolved today, that would be great to move forward with what I think is the product we need.

[alan]

Couple of points:

1) By default, FirstSpot has its own DHCP server. Please disable any DHCP server in your AP. There should be no need to configure ip-helper in your AP.

2) Are you using FirstSpot Multiple Network Segments (see chapter 4 of firstspot_guide.pdf)? Please make sure the simpler single network segment works okay first. For single network segment, your AP should act as a bridge instead of router.
_________________
~ Patronsoft Limited ~

[JaxJoe]

1. I am using firstspot as the dhcp server. It was hit and miss getting an IP address from the wifi network. IP-Helper is not dhcp, it is used on enterprise devices to forward dhcp packet requests to that specific ip address that is serving dhcp.

2. This is confusing as the documentation I am following shows scenario one.

Server interfaces:
1 - 10.10.0.254 /24 WiFi Network
2 - 10.240.0.0 /24 Internal Network

What would I put in the network segment entries? I have put the forward for 10.10.0.x in my routers and switches for that traffic to be routed properly so possibly I am missing an entry in the multiple segment area.

[alan]

Okay, let's focus on Scenario 1 first.

1) Again, you don't need ip-helper. Note that ip-helper is also known as "DHCP relay". FirstSpot DHCP server is self-sufficient and you need to turn off all other DHCP server in the visitor network side.

2) Also, your AP need to act as a bridge. So make sure the "WAN" port of the AP is not used

3) Make sure you start FirstSpot successfully. You should see the word "Started" in the left side of Configuration Manager.
_________________
~ Patronsoft Limited ~

[JaxJoe]

Ok, rebuilt my server and it is working fine. I have an issue when I assign a proxy to the system though.

example: Company uses "ScanSafe" to block malicious and unauthorized sites.

This software runs on a few internal servers and if they fail, they can be pointed to public scansafe servers. Each of these ports for proxy reside on port 8080.

If I turn port 80 proxy on, point to internal server ip, port 8080, after I log in, the page just comes back immediately blank. The request goues out from my 'internet facing ip' to the proxy server on port 8080 as I watch the firewall but the page comes up immediately blank.

Any ideas? If I get this working properly, you will have a new customer

[alan]

For http proxy support, you need to:

1) Setup "Use proxy for port 80 (http) connection" under Dispatcher (Main) correctly. Note that this feature is only available in the new v7

2) the client PC needs to have proxy disabled under Internet Options -> Connections -> LAN settings

Note that your ScanSafe may run under "transparent proxy" mode. In this case, from FirstSpot point of view this is really just a normal Internet connection (i.e. no need to setup the above point 1 setting).
_________________
~ Patronsoft Limited ~

[JaxJoe]

1. I am using v7
- My proxy port is 8080 (which is in the port line)

2. Proxy is disabled in the internet connections.

Same thing. I ran a debug on ScanSafe and it is showing the connection but the payload is 0.

[alan]

Can you post your config.ini file under Firstspot directrory here?
_________________
~ Patronsoft Limited ~

[JaxJoe]

Disregard for the moment...

Proxy use of our internal server does not send info back to FirstSpot Server. If I use ScanSafe Public proxy, pages resolve fine. This is obviously not a FirstSpot issue. Thank you for your time in this!

[JaxJoe]

Last remark....

Is there a way to include ip addresses or ranges to be excluded by the proxy forward? This is the last hurdle.

[alan]

I need to confirm internally, but please try to use the "IP Block List" feature under Configuration Manager -> Access Control. Refer to chapter 3 of firstspot_guide.pdf for details.
_________________
~ Patronsoft Limited ~

[alan]

Confirmed. "IP Block List" should work with "Use proxy for port 80 (http) connection" in the new v7.
_________________
~ Patronsoft Limited ~