Captive portal

This section describes how to configure Captive portal rules. You configure them at the users captive-portal level. For more details on the command structure, see Configuring Rules Using UPL.

Captive portal rule parameters:

Parameter

Description

OK

PASS

Actions for a Captive portal rule:

  • OK: use authentication

  • PASS: do not use authentication

enabled

Enable/disable a rule:

  • enabled(yes) or enabled(true).

  • enabled(no) or enabled(false).

name

The name of the captive portal rule.

Example: name("Captive rule example").

desc

A description of the captive portal rule.

Example rule specification: desc("Captive portal rule example set via CLI").

profile

When using the Captive portal authentication, specify the Captive profile. Example: profile("Example Captive profile").

For more details about creating and configuring Captive profiles, see Configuring Captive Profiles.

rule_log

Enable/disable logging when a rule was triggered:

  • rule_log(yes) or rule_log(true)

  • rule_log(no) or rule_log(false)

If this parameter is not specified, logging is disabled.

src.zone

Source zone

To specify a source zone, such as Trusted: src.zone = Trusted.

For more details about how to configure zones using CLI, see the Zones section.

src.ip

Add source IP address or domain lists.

To specify a list of IP addresses: src.ip = lib.network(). Provide the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see the Configuring IP addresses section.

To specify a source domain list: src.ip = lib.url(). Provide the URL to which the desired domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see the Configuring URL Lists section.

src.geoip

Source GeoIP. Specify a country code (for example, src.geoip = AE).

Click here for the list of ISO 3166-1 country codes.

Important! The maximum number of GeoIPs that can be specified is limited to 15.

dst.zone

Traffic destination zone.

To specify a destination zone, such as Untrusted: dst.zone = Untrusted.

For more details about how to configure zones using CLI, see the Zones section.

dst.ip

Add lists of destination IP addresses or domains.

To specify a list of IP addresses: dst.ip = lib.network(). Provide the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see the Configuring IP addresses section.

To specify a destination domain list: dst.ip = lib.url(). Provide the URL to which the desired domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see the Configuring URL Lists section.

dst.geoip

To specify a destination GeoIP, it is necessary to specify a country code (for example, dst.geoip = AE).

Click here for the list of ISO 3166-1 country codes.

Important! The maximum number of GeoIPs that can be specified is limited to 15.

category

Lists of categories and URL filtering categories for which the rule will be applied. You need to have the appropriate license for URL filtering.

To specify a URL category list: category = lib.category(). Specify the URL category list name in parentheses.

For more details about how to create and configure URL categories using CLI, see Configuring URL Categories.

To specify a URL category: category = "URL category name".

url

The URL lists to which the rule will be applied.

To specify a URL list: url = lib.url(). Specify a URL list name in parentheses.

time

Set a schedule for a rule.

To set a schedule: time = lib.time(). Specify a time set group name in parentheses. For more details on configuring time sets, see Configuring time sets.

Example of creating and adding a captive portal rule using UPL:

Admin@nodename# create users captive-portal 1 upl-rule OK \ ...profile("New captive profile") \ ...rule_log(true) \ ...name("Captive portal rule new") \ ... Admin@nodename# show users captive-portal 1 % ----------------- 1 ----------------- OK \ rule_log(yes) \ profile("New captive profile") \ enabled(false) \ id("676df2b1-03e9-42b2-8375-0b8f78c4c47c") \ name("Captive portal rule new") Admin@nodename# set users captive-portal 1 upl-rule OK \ ...src.zone = Trusted \ ...dst.zone = Untrusted ... Admin@nodename# show users captive-portal 1 % ----------------- 1 ----------------- OK \ src.zone = Trusted \ dst.zone = Untrusted \ rule_log(yes) \ profile("New captive profile") \ enabled(false) \ id("676df2b1-03e9-42b2-8375-0b8f78c4c47c") \ name("Captive portal rule new")