Applies to: Sophos Home Premium and Free (Mac) -Mac OS 10.14+

Overview
This article addresses an issue where MacOS 10.14+ users may be unable to sign in to public or guest Wi-Fi Hotspots while using the Sophos Home software. 
Trying to log into a guest wifi may not display the login portal properly, preventing access. The message "A problem occurred. The web page couldn't be loaded." will appear.

What happened:
On MacOS 10.14.6 and 10.15.3, we have identified that, occasionally, the Guest Wifi Captive Portal will not load properly. Apple's Captive Portal checks if it has been intercepted, and if so, fails to load the guest wifi page.

We introduced changes to Sophos for Mac OS (version 2.2.5) , which detect this Captive Portal process and exclude it so that it is untouched.
In February 2020, Apple appears to have released an update that changed this behavior slightly. This results in a race condition which can result in the Sophos endpoint not excluding the required process.

We are currently working on solution for this issue.

Please, follow the below listed workarounds to alleviate the problem in the meantime:

Workaround Instructions:

Option 1 -  Open a browser window and visit http://captive.apple.com/hotspot-detect.html
This should allow you to connect to the portal.

Option 2. Restart PUA protection 

1. Log in to your Sophos Home Dashboard
2. Choose the desired computer and go to PROTECTION tab
3. Click on the Potentially Unwanted Application (PUA) Protection slider, to disable it (turns gray)
4. Allow a couple of minutes for the Sophos Home Shield to reflect  PUA is disabled (orange color)
5. Go back to the Dashboard and turn PUA protection back on -(blue position) 
6. Re-try accessing the Wifi portal 

Option 3. Access the login via page via Safari, by using terminal 

1. Open Finder. Search for and launch Terminal.
2. Type the following command: open -a "Safari" http://google.com
3. This will launch Safari and should display the Wi-Fi login page.

Option 4. Attempt to connect to the Wi-Fi hotspot through a different browser other than Safari

1. Make sure Safari is closed.
2. Navigate to a secure site such as https://google.com on another browser other than Safari. There will be a security error which is normal as the computer will not have that certificate.
3. Choose to continue and the Wi-Fi portal page should appear.

The below listed workarounds are for advanced users only:
(Ensure you have read the Additional Notes at the bottom of this article)

Option 4. Use a mobile device to determine the URL/IP Address of the Wi-Fi Hotspot login page and add an exception under Sophos Home web protection

1. First, you need to determine what is the URL/IP address of the Hotspot login page. The easiest way to do this is to try to connect with a mobile device. Look at the address bar of the browser connecting and note the URL/IP Address
2. Log in your Sophos Home Dashboard and add the URL/IP address noted in step 1 as a Website exception. 

Note: When adding the Web Exception, you should only include the domain or IP address. For example, if the URL = https://companyfreewifi.com/login you would add https://companyfreewifi.com leaving out anything after the domain.

Option 5. Use Terminal to determine the URL/IP Address of the Wi-Fi Hotspot login page and add an exception under Sophos Home web protection

1. To determine the URL/IP Address, open Finder and navigate to Applications > Utilities and launch Terminal.
2. Run the following command: sudo tcpdump -vv | grep href* and minimize terminal. Now try to connect to the Wi-Fi login page through a browser. Pop up your terminal window again and you should see the address it attempted to connect to. See example below:
3. Log in your Sophos Home Dashboard and add the URL/IP address noted in step 1 as a Website exception. 

Note: When adding the Web Exception, you should only include the domain or IP address. For example using the URL noted above, we would add http://10.255.0.1:4501

Additional Note: Web exceptions will only work if the system is connected to the internet.

• If you have only Safari, copy the link from the output in the terminal and run the command open <URL> and it will open in Safari.
• In this example use the command open http://10.255.0.1:4501/index.cgi
• To make it simpler run the command sudo tcpdump -vv | grep href exit the dump using ctrl + c and type open <paste the URL> and hit ENTER or use the same URL in the Safari browser directly.