User guide
Configuring Filtering Rules for a WM-AD
Summit WM20 User Guide, Software Release 4.2 127
NOTE
Administrators must ensure that the non-authenticated filter allows access to the corresponding authentication
server:
• Internal Captive Portal – IP address of the WM-AD interface
• External Captive Portal – IP address of external Captive Portal server
Non-authenticated Filter Examples
A basic non-authenticated filter for internal Captive Portal should have three rules, in the following
order:
NOTE
For external Captive Portal, an additional rule to Allow (in/out) access to the external Captive Portal authentication/
Web server is required.
If you place URLs in the header and footer of the Captive Portal page, you must explicitly allow access
to any URLs mentioned in the authentication's server page, such as:
● Internal Captive Portal – URLs referenced in a header or footer
● External Captive Portal – URLs mentioned in the page definition
Here is another example of a non-authenticated filter that adds two more filtering rules. The two
additional rules do the following:
● Deny access to a specific IP address.
● Allows only HTTP traffic.
Table 5: Non-authenticated filter example A
In Out Allow IP / Port Description
x x x IP address of default gateway
(WM-AD Interface IP)
Allow all incoming wireless devices access to the
default gateway of the WM-AD.
x x x IP address of the DNS Server Allow all incoming wireless devices access to the
DNS server of the WM-AD.
x x *.*.*.* Deny everything else.
Table 6: Non-authenticated filter example B
In Out Allow IP / Port Description
x x x IP address of the default
gateway
Allow all incoming wireless devices access to the
default gateway of the WM-AD.
x x x IP address of the DNS Server Allow all incoming wireless devices access to the DNS
server of the WM-AD.
x x [a specific IP address, or
address plus range]
Deny all traffic to a specific IP address, or to a
specific IP address range (such as:0/24).
x x *.*.*.*:80 Deny all port 80 (HTTP) traffic.
x x *.*.*.* Deny everything else.