Managed WiFi Hotspots Service

Freshtel’s Managed WiFi Hotspot service will help resolve the following business pains associated with Public Wi-Fi:-

1. The ex user can automatically be connected when they pass by the wifi area. How can we solve this issue?

2. Is it possible to allow system to automatic log out a user if the user downloads movie, you tube, …etc to ensure the line is always clear to others users?

3. To fix the guest usage by:-

a. ½ hour (automatically log-out) or

b. Fix by bandwidth (eg. 512Kbps max. per user)

The Objective:-

1. Avoid slow access by other users

2. Avoid user download the heavy stuff

However we must emphasized a Detailed Requirement Study needs to be undertaken and all parties to finalize and agree on all requirements. Also to ensure fast deployment, requirements must be kept simple & minimal.

PAINS What do you resolve from using us
1)‘My users always complain Internet slow & every time I increase Bandwidth, it’s never enough & it’s still slow!’

2)‘Some users are hogging the bandwidth & streaming High Definition video like forever at the expense of other users’

3)‘I need to manage the passwords manually & have to verbally inform the password to each user every time!’

4)‘My staff force have high turnover & each time the previous password is lost resulting in the user not able to access internet!’

5)‘I need to prevent users from surfing porn!’

1) Firewall

• Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic

• Able to limit simultaneous connections on a per-rule basis

• Option to log or not log traffic matching each rule.

• Packet normalization

2) Captive Portal

• Captive portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access.

Maximum concurrent connections – Limit the number of connections to the portal itself per client IP. This feature prevents a denial of service from client PCs sending network traffic repeatedly without authenticating or clicking through the splash page

• Idle timeout – Disconnect clients who are idle for more than the defined number of minutes.

• Hard timeout – Force a disconnect of all clients after the defined number of minutes.

• Logon pop up window – Option to pop up a window with a log off button.

• URL Redirection – after authenticating or clicking through the captive portal, users can be forcefully redirected to the defined URL.

• MAC filtering – by default, filters using MAC addresses. If you have a subnet behind a router on a captive portal, every machine behind the router will be authorized after one user is authorized. MAC filtering can be disabled for these scenarios.

• Authentication options – There are three authentication options available

– No authentication – This means the user just clicks through your portal page without entering credentials

– Local user manager – A local user database can be configured and used for authentication.

– RADIUS authentication This is the preferred authentication method for corporate environments and ISPs. It can be used to authenticate from Microsoft Active Directory and numerous other RADIUS servers.

• RADIUS capabilities

– Forced re-authentication

– Able to send Accounting updates

• RADIUS MAC authentication allows captive portal to authenticate to a RADIUS server using the client’s MAC address as the user name and password.

• Allows configuration of redundant RADIUS servers.

• HTTP or HTTPS – The portal page can be configured to use either HTTP or HTTPS.

• Pass-through MAC and IP addresses can be white listed to bypass the portal. Any machines with NAT port forwards will need to be bypassed so the reply traffic does not hit the portal.