Non-authenticated Role Examples

The following table lists the rules that a basic non-authenticated role for internal Captive Portal should have, in the specified order:

Click to expand in new window

Non-authenticated Role Example A

In Out Allow IP / Port Description
x x x IP address of the captive portal Allow all incoming wireless devices access to the default gateway of the VNS.
x x x IP address of the DNS Server Allow all incoming wireless devices access to the DNS server of the VNS.
x x   *.*.*.*. Default access control action is to deny all.
Note

Note

For external Captive Portal, an additional rule to Allow (in/out) access to the external Captive Portal authentication/web server is required.

If you place URLs in the header and footer of the Captive Portal page, you must explicitly allow access to any URLs mentioned in the authentication server‘s page, such as:

The following table is another example of a non-authenticated filter that adds additional policy rules. The additional rules do the following:

Click to expand in new window

Non-authenticated Role Example B

In Out Allow IP / Port Description
x x x IP address of the default gateway Allow all incoming wireless devices access to the default gateway of the VNS.
x x x IP address of the DNS Server Allow all incoming wireless devices access to the DNS server of the VNS.
x x   [a specific IP address, or address plus range] Deny all traffic to a specific IP address, or to a specific IP address range (such as:0/24).
x x x *.*.*.*:80 Allow all port 80 (HTTP) traffic.
x x   *.*.*.*. Default access control action is to deny all.

Once a wireless device user has logged in on the Captive Portal page and has been authenticated by the RADIUS server, then the following rules apply: