Device Configuration : Protect : Wireless : Hotspots : Add Hotspot
Add Hotspot
This page describes how to add a hotspot.
* A hotspot has to be assigned to an existing interface, typically a WLAN interface. All hosts using this interface will automatically be restricted by the hotspot. Therefore, before you create a hotspot you would typically create a wireless network with client traffic Separate Zone, then create an interface for the respective WLAN interface hardware. For more information see Device Configuration > Protect > Wireless > Wireless Networks .
1. Go to Device Configuration > Protect > Wireless > Hotspots and click Add.
2. Make the following settings:
Name
Enter a descriptive name for hotspot.
Description (optional)
Enter a description or other information.
Interfaces
Select or add the interfaces which are to be restricted by the hotspot. An interface can only be used by one hotspot.
* Hotspots will work only on LAN and DMZ member interfaces of the bridge. You should not select an uplink interface here because traffic to the Internet will completely be blocked afterwards. Additionally, we strongly advise against using interfaces used by servers which provide essential services like authentication. You may irreversibly lock yourself out of Sophos Firewall OS!
Users
Select or add users for administrative settings. Administrative users are allowed to create vouchers or change the password of the day in the User Portal. By default nobody is allowed to make administrative settings.
Application Filter Policy (optional)
Select or add an application filter policy for the hotspot.
Web Filter Policy (optional)
Select or add a web filter policy for the hotspot.
IPS Policies (optional)
Select or add IPS policies for the hotspot.
Traffic Shaping Policy (optional)
Select or add a traffic shaping policy for the hotspot.
Redirect to HTTPS (optional)
Enable to redirect users to HTTPS.
Hostname Type
Select the hostname type for the hotspot.
None (IP Address)
Custom hostname
Hostname
(if Custom hostname is selected)
Add a hostname for the redirect.
Hotspot Type
Select a hotspot type for the selected interfaces.
Terms of Use Acceptance Customers can access the Internet after accepting the terms of use.
Session Expires
Select the time span after which the access will expire. After that, with the hotspot type Terms of Use Acceptance, the users have to accept the terms of use again to log in. With the hotspot type Backend Authentication, the users have to authenticate again.
Terms of Use
Add the text to be displayed as terms of use. Simple HTML markup and hyperlinks are allowed.
Password of the Day A new password will be created automatically once a day. This password will be available in the User Portal on the Hotspots tab which is available to all users specified for this hotspot. Additionally it will be sent to the specified email address(es).
Password Creation Time
The assigned time of the day at which the new password will be created. At this time the former password will immediately get invalid and current sessions will be cut off.
Send Password by Email to (optional)
Add email addresses to which the password shall be sent.
Synchronize Password with PSK of Wireless Networks (optional)
Select this option to synchronize the new generated/saved password with wireless PSK.
*With the new PSK all APs that are configured with a separate zone wireless network that is also used as a hotspot interface will be reconfigured and restarted. This means all connections will be dropped.
Voucher With this hotspot type, in the User Portal tokens with different limitations and properties can be generated, printed and given to customers. After entering the code, the customers can then directly access the Internet.
Voucher Definitions
Add or select the voucher definitions you want to use for the hotspot. How to add a voucher definition is explained on the Voucher Definitions page.
Devices per Voucher
Enter the number of devices which are allowed to log in with one voucher during its lifetime. It is not recommended to use the unlimited entry.
Terms of Use
(not with hotspot type Terms of Use Acceptance:
Add the text to be displayed as terms of use. Simple HTML markup and hyperlinks are allowed.
Users Have to Accept Terms of Use
(not with hotspot type Terms of Use Acceptance):
Enable this option if you want the hotspot users to accept your terms of use before accessing the Internet.
Redirect to URL After Login
Enable, so that users will be redirected automatically to a particular URL after entering password or voucher data.URLs for example could be your hotel's website or a webpage stating your portal system policies.
URL
Enter URL to which the user will be redirected to.
3. Optionally, customize the hotspot.
Enable Customization
Enable to use a customized HTML file with your own images and stylesheets. Additionally, you can customize the voucher layout.
Customization Type
Select the customization type.
Basic Uses the default login page template. If required, change logo, title, and text.
Logo
Upload a logo for the login page. Supported image file types are jpg, jpeg, png and gif. A maximum image width of 300 px and height of 100 px is recommended (depending on the title length).
Scale Logo to Recommended Size
If selected, a logo exceeding the recommended width or height will be scaled down and displayed in the recommended size. If not selected, the logo will be displayed in the original size.
Title
Add a title for the login page. Simple HTML markup and hyperlinks are allowed.
Custom Text
Add an additional text for the login page. You can for example enter the SSID of the wireless network to be used. Simple HTML markup and hyperlinks are allowed.
Full Select an individual login HTML page.
Login Page Template
Select the HTML template you want to use for your individual login page. Clicking Browse... opens a window where you can select and upload the file. In this template, you can use variables that can dynamically insert information for each hotspot. For example, you can add the company name and administrator information, the terms of use and the login form. See detailed information in chapter Login Page Template.
Images/Stylesheet
Add files that are referenced in your login page template, e.g., images, stylesheets, or JavaScript files. Clicking Browse... opens a window where you can select and upload the files.
Voucher Template
(only with hotspot type Voucher): Clicking Browse...opens a dialog where you can select and upload a PDF file with the voucher layout. By default, a default template is used. The voucher PDF file has to be of PDF version PDF 1.5 or lower. It may have any page size and format—both size and format will be adjusted during voucher creation in the User Portal, depending on page size and number of vouchers per page specified there.
The PDF file may contain the following variables that will be replaced with the respective values during voucher generation in the User Portal:
Wireless network name (SSID): <?ssid0?> (and <?ssid1?>, <?ssid2?> and so on, if the WLAN has more than one SSIDs)
Wireless network password: <?psk0?> (and <?psk1?>, <?psk2?> and so on, if the WLAN has more than one SSIDs)
Voucher code: <?code?>
Voucher validity time: <?validity?>
Voucher data limit: <?datalimit?>
Voucher time limit: <?timelimit?>
Comment: <?comment?>
QR code with the hotspot access data encoded: <?qrX?>. The upper left corner of the QR code will be placed on the lower left corner of the variable.
* When using variables, the PDF file must include the entire character sets of the fonts used. When a variable is replaced by its value, and one of the substitute characters is not available, it will be displayed incorrectly. We recommend to add the string <?abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789?> (for English usage) to your PDF file, which will automatically be removed during voucher generation.
4. Click Save to save your settings.
 
The hotspot is now available and appears in the hotspot list.
You can see if the hotspot is running on the Monitor and Analyze > Diagnostics > Services page. There you can also stop or start the hotspot.