Captivate Portal for one vlan with Cisco router as a gateway
Hello, I'd like to ask if it is possible to use pfSense Captivate Portal in the way that it is presented on the picture?
No. Traffic destined for the internet on VLAN 10 will never be going through pfSense.
Ok, so what should I change in my network topology to make my goal (to restrict internet access to vlan10)? Do I need to change the default gateway in client computers?
You probably need to make VLAN 10 a LAN on pfSense and put all the clients behind it. To activate the captive portal requests to port 80 need to be sent to the pfSense interface. This usually means it needs to be the default gateway of the clients.
If you put the pfSense WAN on VLAN 1 and LAN on VLAN 10 and let pfSense handle all the DHCP for VLAN 10 it would get you there. You should also be able to forward DHCP to another server if required.
You'll also probably want to disable NAT in pfSense (switch to manual outbound and delete all the NAT rules.)