Walled Garden
Manage hotspot walled garden rules to allow access to specific websites before customer login.
The Walled Garden feature controls which websites and services hotspot users can access before authenticating. This is essential for providing a functional captive portal experience — allowing access to payment gateways, the login page itself, and other required services.
Walled garden rules apply only to unauthenticated hotspot users. Once a user logs in, normal access policies take effect.
Overview
The WalledGardenController manages all walled garden rules for your hotspot infrastructure. Rules define which domains or IP addresses are accessible to users who have not yet completed the login process.
What is a Walled Garden
In a hotspot environment, users are typically blocked from all internet access until they authenticate through a captive portal. A walled garden is a curated list of exceptions — domains and IP addresses that remain accessible without authentication.
Common scenarios where walled garden entries are needed:
- The captive portal login page itself
- Payment gateway domains (so users can purchase access)
- DNS servers required for domain resolution
- Content delivery networks that serve the login page assets
- Your ISP's main website
Adding Allowed Domains
To add a new walled garden entry:
- Navigate to the hotspot walled garden settings.
- Add a new rule by specifying the domain name or IP address.
- Select the rule type:
| Rule Type | Example | Use Case |
|---|---|---|
| Domain | example.com |
Allows all traffic to the specified domain |
| Wildcard Domain | *.example.com |
Allows traffic to all subdomains |
| IP Address | 203.0.113.50 |
Allows traffic to a specific IP |
| IP Range / Subnet | 203.0.113.0/24 |
Allows traffic to an entire subnet |
- Save the rule. Changes may take a few moments to propagate to your network devices.
Adding too many domains to the walled garden can weaken the purpose of the captive portal. Only allow domains that are strictly necessary.
Managing Walled Garden Rules
From the management interface you can:
- Edit existing rules to update domains or IP addresses.
- Delete rules that are no longer needed.
- Enable/Disable individual rules without deleting them.
- Reorder rules if priority-based matching is configured.
Removing payment gateway domains from the walled garden will prevent unauthenticated users from completing online purchases for hotspot access.
Common Use Cases
Public Wi-Fi with Paid Access Allow payment gateways and the ISP portal so users can purchase a plan before gaining full access.
Hotel or Venue Wi-Fi Allow the venue's own website and booking portal while requiring authentication for general internet access.
Sponsored Access Landing Page Allow access to a sponsor's website as part of a promotional campaign, while keeping the rest of the internet gated behind login.
Periodically review your walled garden rules. Payment gateways and CDN providers occasionally change their domains or IP ranges, which can break the login flow if not updated.