I ask because I actually help run a lot of the security for a University, as well, albeit much smaller.  It looks like your current setup is based off snort.  If that's the case, is there any reason you could not use the snort module for pfSense and use that to do detection and control? The solution we're looking at will use MS-NAP and interact with Windows clients, which is about 90% of our students, to preemptively check their security.  Though, if you have more info on your setup, I'd love to know how it all works.  So feel free to PM me, as I don't want to derail this thread any more than I have already.  But we're an 8 person operation serving about 5,000 students across 4 primary campuses, so any input is always welcome.

no, when you upload it, it's stored in the config and written out with the proper name. There is a thread here on the forum with examples, it was just updated over the weekend. http://forum.pfsense.org/index.php/topic,26141.0.html

how are u able to do that, please can u give me what your setup looks like

let`s say that i dont want to execute custom commands. For example i want to let "no auth" on CP and do some scripts for check if a client is active or no and after that redirect them to the requested page!

Just fixed this on my system, added this line in the radius user and it worked great. WISPr-Bandwidth-Max-Up = 256,WISPr-Bandwidth-Max-Down = 512

I looked at the software and it appears that it is Windows-based.  Why would you use TekRADIUS instead of the built-in IAS/NPS?  Especially when it looks like the TekRADIUS software isn't being updated and is more difficult to set up.

What DNS server is being used by the clients? It should be using 192.168.1.1 as its DNS server. If you are using an external DNS server supplied directly to clients, you will need to add an IP bypass to the portal config for the DNS server IPs, or else the clients can't resolve DNS, which means they can't ever try to make the connection, let alone redirect. That may not be your issue, but it's one of the most common.

@jttodorov: WAN 62.xx.xx.xx room subnet 172.xx.xx.xx addtional anthenas 192.xx.xx.xx 172.xx.xx.xx uses WAN 62.xx.xx.xx without authentication 192.xx.xx.xx anthena users need authentication for internet through 62.xx.xx.xx How can I get the two subnets (172.xx.xx.xx and 192.xx.xx.xx) working? I think that can be managed through the firewall rules for PPTP VPN. Thank you in advance. Hi, Tu use CP on more than one interface you must go to PFS2.0. If I have get you idea correctly you wish to connect AP's this which are connected on 62.x.x.x by using PPTP to inside net, then use CP to control traffic from them. It will be much better if you create VLAN's, then put those AP's together on same (or different VLAN's to distinguish between AP for students and those for stuff) VLAN. PFS will be then between WAN and VLAN's inside campus. Each VLAN can have then different set of rules (firewall) and you can choose in what way will CP work on them. I hope that this is good explanation. Br Sasa

Only 2.0 can do that for you.

Services –> captive portal --> "allowed ip addresses"

Thanks