Allow unauthenticated internet access

  • Sorry if this is a simple question but I have no experience with captive portals.

    I am wondering if it is possible to allow users to choose 'unauthenticated access' which allows them to access internet resources but would not be able to access intranet resources.

    Maybe block access to our internal subnet addresses.  If they do need access to internal resources they could choose to login and authenticate against our Radius server.

    And if pfSense is unable to accomplish is there any method that would allow this?


  • Assuming the CP users are on a different subnet, on a separate interface or VLAN, you can do that just with firewall rules (with or without CP).