The Kiwire Policy tab lets you manage your overall network policy, including Wallgarden, firewall, VLAN policy and others.
Wallgarden lets you predefine hosts or IP addresses that can be reached without going through the login page. In effect, the walled garden directs the user's navigation within particular areas, to allow access to a selection of material, or prevent access to other material.
In this module you configure the default behaviour policy of the Kiwire system.
- Sync Mikrotik Hotspot active users with the Kiwire database
  – This automatically synchronizes the users actually connected through the Mikrotik hotspot system with the records in Kiwire RADIUS. This is to prevent lost packets.
- Auto-disconnect a user's connected session when the same user logs in again
  – This disconnects the user's previously detected connection, which prevents the roaming ghost issue seen on some networks.
- Suspend user accounts when credit has been exhausted
  – This suspends all users whose credit has been fully utilized. The policy applies to the archive and active databases.
In this module you create new firewall rules, for example blocking a user's MAC address, which in effect blocks the user from accessing the network, or blocking TCP or UDP to stop a certain website or port from being accessible to the user. A rule can be set globally for all NAS/equipment or for a specific NAS.

| Field | Description |
|---|---|
| NAS | Select “ALL” for global blocking, where the firewall rule is applied to all NAS, or select a specific NAS |
| Host/Mac | Hostname/IP address or MAC address<br>*Note: the MAC address format is xx:xx:xx:xx:xx:xx |
| Type | Block this IP: block user access to the IP or to the network.<br>Block Mac: block the MAC address from connecting to the network.<br>Block TCP: block the TCP port number from the network.<br>Block UDP: block the UDP port number from the network. |
| Remark | Description of the rule |
The Wallgarden module lets you predefine hosts or IP addresses that can be reached without going through the login page. In effect, the walled garden directs the user's navigation within particular areas, to allow access to a selection of material. This is useful for free marketing information or for bypass users.

| Field | Description |
|---|---|
| NAS | Select “ALL” for a global rule, where the firewall rule is applied to all NAS, or select a specific NAS |
| Destination | Destination host/domain or IP address that the user can access without login |
| Remark | Description of the rule |
5.4 Mac Security
The Mac Security module lets you control security policy based on the MAC address of the devices, for example allowing only devices with a registered MAC address to log in using their own username.

Mac Device Security Setting

| Field | Description |
|---|---|
| Mac autologin | Enables the Mac auto-login feature, which allows users to log in using the MAC address that is associated with their user account |
| Mac Auto Register | Automatically registers the user's device MAC address into the account when they log in using the user account given.<br>*Note: if Mac Security is enabled, Mac Auto Register only works the first time the user logs in with the account; on subsequent logins the user's device MAC address is not updated on the account |
| Mac Security | Prevents users from sharing their account, as only the associated MAC device is allowed to log in using the account. However, if Mac Auto Register is enabled, the user's MAC address is automatically registered into the account when the account's existing MAC address record is empty. |
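
The interaction between Mac Security and Mac Auto Register described in the table above can be modelled as a small decision function. This is an added example, not Kiwire code: `Account`, `evaluate_login`, `normalize_mac` and the reason strings are hypothetical names, and the two branches marked as assumptions cover cases the table does not spell out.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")

def normalize_mac(raw: str) -> str:
    """Return the MAC as lowercase xx:xx:xx:xx:xx:xx, or raise ValueError."""
    mac = raw.strip().lower().replace("-", ":")
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    return mac

@dataclass
class Account:                      # hypothetical stand-in for a user record
    username: str
    mac: Optional[str] = None       # MAC associated with the account, if any

def evaluate_login(account: Account, device_mac: str,
                   mac_security: bool, auto_register: bool) -> Tuple[bool, str]:
    """Apply the Mac Security / Mac Auto Register rules to one login attempt."""
    mac = normalize_mac(device_mac)
    if mac_security:
        if account.mac is None:
            if auto_register:
                account.mac = mac   # empty record: first login binds the device
                return True, "registered-first-device"
            # Assumption: with no MAC on record and no auto register,
            # the login is refused until an administrator adds one.
            return False, "no-mac-on-account"
        if account.mac == mac:
            return True, "mac-match"
        return False, "mac-mismatch"  # existing record is never overwritten
    if auto_register:
        # Assumption: without Mac Security, each login re-registers the device.
        account.mac = mac
        return True, "registered"
    return True, "mac-not-enforced"

if __name__ == "__main__":
    acct = Account("alice")         # constructed sample data
    for dev in ("AA-BB-CC-00-11-22", "aa:bb:cc:00:11:22", "aa:bb:cc:00:11:99"):
        print(dev, evaluate_login(acct, dev, mac_security=True, auto_register=True))
```
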
The DHCP module is used for assigning a static IP address to a MAC address when requested. The listing shows all static IP assignments created by the administrator as well as by the system.

DHCP IP Assignment Setting

| Field | Description |
|---|---|
| Mac | The MAC address of the device |
| IP address | The IP address to assign to the device |

Note: the following are example settings required on Mikrotik devices:
- Make sure “Use RADIUS” is checked in the settings for the DHCP server under IP -> DHCP SERVER.
- Make sure DHCP is checked in the RADIUS server settings.
5.6 Radius Attribute
The Radius Attribute module lets you assign additional vendor-specific RADIUS attributes to a specific plan. This is useful if your NAS or device requires a specific RADIUS attribute to be sent, e.g. VLAN, tunnel, etc.

| Field | Description |
|---|---|
| Plan | The plan the attribute will be assigned to |
| Attribute | The attribute given, e.g. “Framed-Pool” for pool assignment |
| Operator | := : add the item to the reply list.<br>= : add the item to the reply list.<br>*Note: refer to your vendor for the specific operator |
| Value | Value of the attribute |

*Note: Please refer to your device vendor's documentation for the correct attribute to use.
5.7 VLAN restriction
The VLAN restriction module lets you apply a policy to specific user accounts so that they can only log in from specific locations, via the corresponding VLAN of the network.

| Field | Description |
|---|---|
| Available | The currently available VLAN zones. |
| Restricted | The restricted zone that this restriction grouping will only be allowed to log in from. |
| Group name | The restricted group name. |