The following table lists the rules that a basic non-authenticated role for internal Captive Portal should have, in the specified order:
In | Out | Allow | IP / Port | Description |
---|---|---|---|---|
x | x | x | IP address of the captive portal | Allow all incoming wireless devices access to the default gateway of the VNS. |
x | x | x | IP address of the DNS Server | Allow all incoming wireless devices access to the DNS server of the VNS. |
x | x | | *.*.*.* | Default access control action is to deny all. |
Note
For external Captive Portal, an additional rule to Allow (in/out) access to the external Captive Portal authentication/web server is required. If you place URLs in the header and footer of the Captive Portal page, you must explicitly allow access to any URLs mentioned in the authentication server's page, such as:
The following table is another example of a non-authenticated filter that adds additional policy rules. The additional rules do the following:
In | Out | Allow | IP / Port | Description |
---|---|---|---|---|
x | x | x | IP address of the default gateway | Allow all incoming wireless devices access to the default gateway of the VNS. |
x | x | x | IP address of the DNS Server | Allow all incoming wireless devices access to the DNS server of the VNS. |
x | x | | [a specific IP address, or address plus range] | Deny all traffic to a specific IP address, or to a specific IP address range (such as:0/24). |
x | x | x | *.*.*.*:80 | Allow all port 80 (HTTP) traffic. |
x | x | | *.*.*.* | Default access control action is to deny all. |
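
As an added illustration (not vendor code), the table above modelled in Python to show why the deny rule has to sit above the port 80 allow, with a check that flags a deny placed below a broader allow. It assumes rules are evaluated top-down with the first match deciding, ignores the In/Out direction columns, and uses constructed addresses for the gateway, DNS server and blocked range.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    allow: bool
    network: str           # "0.0.0.0/0" stands in for the table's *.*.*.*
    port: Optional[int]    # None means any port

# Constructed sample addresses (assumptions); use the VNS's real values.
GATEWAY, DNS, BLOCKED = "10.0.0.1/32", "10.0.0.2/32", "10.0.5.0/24"

NON_AUTH_FILTER = [
    Rule(True, GATEWAY, None),        # default gateway of the VNS
    Rule(True, DNS, None),            # DNS server of the VNS
    Rule(False, BLOCKED, None),       # deny a specific address range
    Rule(True, "0.0.0.0/0", 80),      # allow all port 80 (HTTP) traffic
    Rule(False, "0.0.0.0/0", None),   # default action: deny all
]

def evaluate(rules, ip, port):
    """Return True if allowed. Assumes the first matching rule decides."""
    addr = ipaddress.ip_address(ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.network) and rule.port in (None, port):
            return rule.allow
    return False  # nothing matched: deny

def shadowed_denies(rules):
    """Indexes of deny rules that sit below a broader allow rule covering them."""
    hits = []
    for i, deny in enumerate(rules):
        if deny.allow:
            continue
        deny_net = ipaddress.ip_network(deny.network)
        for earlier in rules[:i]:
            allow_net = ipaddress.ip_network(earlier.network)
            ports_overlap = None in (deny.port, earlier.port) or deny.port == earlier.port
            if (earlier.allow and deny_net != allow_net
                    and deny_net.subnet_of(allow_net) and ports_overlap):
                hits.append(i)
                break
    return hits

# The same rules with the deny moved below the port-80 allow.
MISORDERED = NON_AUTH_FILTER[:2] + [NON_AUTH_FILTER[3], NON_AUTH_FILTER[2], NON_AUTH_FILTER[4]]

if __name__ == "__main__":
    for name, rules in (("as listed", NON_AUTH_FILTER), ("misordered", MISORDERED)):
        print(name, evaluate(rules, "10.0.5.20", 80), shadowed_denies(rules))
```

With the rules in the listed order, port 80 traffic to the blocked range is denied; with the deny moved down, the same traffic is allowed and the check reports the shadowed rule.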
Once a wireless device user has logged in on the Captive Portal page and has been authenticated by the RADIUS server, then the following rules apply: