Captive Portal / Hotspot firewall recommendation


Supreme [H]ardness
Apr 3, 2001
I need a firewall that will do a simple captive portal / hotspot authentication web page. It cannot be m0n0wall or pfSense. We've been using m0n0wall for years and I just want to try something else more robust. m0n0wall's NAT/FW/PPTP/GRE/VPN unfriendliness causes me problems and for the most part, visitors on my company's network do a lot of VPN.

I am open to firewalls that cost money. Sonicwall, Juniper or another open-source FW, etc.
Curious, regarding pfSense, what the PPTP VPN limitation was for you. They fixed a lot with 1.3... have you tried that yet?
Untangle released a Captive Portal feature... but it's more for accepting terms of use/compliance, rather than "hotspot"-like. What are your hotspot needs?
Also, pfSense 2.0 is not 'stable' yet, but I have found it to be fairly solid aside from a few minor features that aren't quite working yet. Captive portal is improved a lot, with voucher-based, time-limited logins, per-user bandwidth limits and a bunch of other nifty stuff. As far as I've been able to tell, all the basic routing, load balancing, captive portal, IPsec and everything I actually use has been working very solidly since January or so.

Worth a look. Also curious what problems you've been having. The PPTP(GRE)-behind-NAT problem is generic to all NAT solutions. Might be possible to do an application-layer hack to fix it, but I'd suspect that few other solutions implement this either.
I only used m0n0wall. I know that pfSense is based on newer versions of BSD, but I wanted to move away from BSD just for this application.

I thought about Untangle. The firewall sucks, but I could always put it in transparent mode behind our corporate firewall (Checkpoint) just for the authentication. I only need something simple for a guest wireless SSID, which is enabled via our Cisco LWAPP solution.