Walled Garden

  • Question
  • Updated 4 years ago
  • Answered
Hi all,
I am developing a social login with an Aerohive AP Captive Portal. Is it possible to open the domain "facebook.com" in the walled garden of the captive portal or is it necessary to open IP by IP?
Davide Quadrini


Posted 5 years ago


Andrew MacTaggart, Champ

You can create a firewall policy under the user profile; you allow Network services or Application services.

So all reading of Facebook, but deny posting. Not sure if this is what you are looking for.

Walled Garden: A walled garden is an area of the network to which unregistered users are allowed access. If you redirect unregistered users to an external server, then you must include the IP address or domain name of that server in the walled garden. To create a walled garden, expand the section, click New, enter the following to define a rule permitting a type of service to a specific server or network segment, and then click Apply:

Server: This is the IP address or domain name of the external web server. Choose a previously defined IP address/host name object from the drop-down list, type a new IP address or domain name (up to 32 characters long), or click the New icon and define one.

Service: Choose Web to permit HTTP and HTTPS traffic from unregistered users to the external web server, choose All to permit all types of traffic, or choose Protocol and enter a protocol number and port number to define the type of service you want to permit.

Rensley Pereira

Any update on this? The note above says we can enter domain names, but there is no obvious option to enter domain names. Also, I somehow managed to enter domain names, but they would not be resolved and access is blocked.

Aerohive, is this feature fixed yet?

Carsten Buchenau, Champ

What they mean with domain name is an FQDN, unfortunately. So a domain name that resolves into an IP address, such as www.facebook.com. Just facebook.com will not work.

Rensley Pereira

The issue arises when domain names like www.facebook.com resolve to multiple IP addresses, and most social login sites have servers/CDNs all over the globe, each with different chunks of IP blocks.
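
The mismatch described in the last two replies, as an added example that is not part of the thread and not Aerohive code: it assumes a walled garden that matches each entry as an exact FQDN and permits only the IPs cached when that entry was resolved. The hostname `static.cdn.example`, the function names, and all IPs (RFC 5737 documentation ranges) are constructed for illustration.

```python
# Added example: simplified model of a walled garden that pins each configured
# FQDN to the addresses it resolved once (assumed behaviour, not vendor code).

NO_HOST = "blocked: hostname not in walled garden"
NO_IP = "blocked: IP not among addresses cached for entry"
ALLOWED = "allowed"

# Constructed data: configured entry -> IPs the enforcement point cached for it.
GARDEN = {
    "www.facebook.com": {"192.0.2.10", "192.0.2.11"},
}

# Constructed client-side capture during a social login attempt:
# (hostname the client looked up, IP it then connected to)
CLIENT_FLOWS = [
    ("www.facebook.com", "192.0.2.10"),     # same IP the garden cached
    ("www.facebook.com", "198.51.100.7"),   # CDN answered with another IP
    ("static.cdn.example", "203.0.113.5"),  # hypothetical asset host
]


def classify(garden, host, ip):
    """Say why a flow passes or fails under exact-FQDN, pinned-IP rules."""
    host = host.rstrip(".").lower()  # normalise trailing dot and case
    if host not in garden:
        # An entry covers only the exact name; it is not a suffix wildcard.
        return NO_HOST
    if ip not in garden[host]:
        return NO_IP
    return ALLOWED


def audit(garden, flows):
    """Classify every flow; return results, missing hostnames, unpinned IPs."""
    results = [(h, ip, classify(garden, h, ip)) for h, ip in flows]
    missing_hosts = sorted({h for h, _, r in results if r == NO_HOST})
    stale_ips = sorted({(h, ip) for h, ip, r in results if r == NO_IP})
    return results, missing_hosts, stale_ips


if __name__ == "__main__":
    results, missing_hosts, stale_ips = audit(GARDEN, CLIENT_FLOWS)
    for host, ip, verdict in results:
        print(f"{host:20} {ip:14} {verdict}")
    print("hostnames to add:", missing_hosts)
    print("entries whose clients got other IPs:", stale_ips)
```

Feeding it a real client-side capture of a login attempt gives the list of hostnames and address ranges the walled garden still has to cover.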