The Kiwire Policy tab let you manage your overall network policy, from let you define Wallgarden, firewall , vlan policy and others.
Wallgarden let you predefine host or IP to be able to bypass the login page. In effect, the walled garden directs the user’s navigation within particular areas, to allow access to a selection of material, or prevent access to other material.

5.1 Configuration

This module you configure the default behaviour policy of the Kiwire System.

  • Sync Mikrotik Hotspot Active user with Kiwire Database
    – This will automatically synchronized actual connected user by mikrotik hotspot system with the record in kiwire radius, this is to prevent and lost packet
  • Auto Disconnect user connected session when same user relogin.
    – This will disconnect the user previous detected connection,this will prevent roaming ghost issue by some network.
  • Suspend Users Account when credit has been exhausted
    – This will suspend all user whose credit has been fully utilized. The policy will apply to archive and active database.

5.2 Firewall

This module you create new firewall rules. Such as block a user mac address which in effect blocks the user from accessing the network, Block TCP or UDP for block certain website or port from being accessible to the user. The policy can let you set it globally for all NAS/equipment or to a specific NAS equipment

Field Function
NAS Select “ALL” for a global blocking where the firewall rule will be applied to all or to a specific NAS
Host/Mac Hostname/Ip address or Mac address
*Note : the Mac addr format is xx:xx:xx:xx:xx:xx
Type Block this IP : Block the IP from user to access the IP or to the network.
Block Mac : Block the mac address from connecting to the network.
Block TCP : Block the TCP Port no from network
Block UDP : Block the UDP port no from network
Remark Description of the rules

5.3 Wallgarden

The Wallgarden module let you predefine host or IP to be able to bypass the login page. In effect, the walled garden directs the user’s navigation within particular areas, to allow access to a selection of material . This is useful for free marketing information or bypass user.

Field Function
NAS Select “ALL” for a global where the firewall rule will be apply to all or to a specific NAS
Destination Destination Host/domain or IP address that user can access without login
Remark Description of the rules

5.4 Mac Security

The mac security module let you control security policy based on Mac address of the devices. example only allowed devices with registered mac address to login using their own username


Mac Device Security Setting
Mac autologin Enable Mac auto-login feature that allow user to login
using their mac address that is associated with the user account
Mac Auto Register Enable Mac auto register will automatically register user device mac address into the account when there login using the user account given.
*note : if mac security is enabled, the mac auto register function will only work on 1st time the user login using the account subsequent login , user mac device will not be updated to the account
Mac Security This feature enable you to prevent user sharing their user account as it will only allow the associated mac device to login using the account, however if Mac auto register is enabled, it will automatically register the user mac address into the account if the account existing mac address record is empty.

5.5 DHCP

The dhcp module is used for assigning a static ip from the mac address when requested, the listing will list all static ip assignment created by administrator as well by system .







DHCP IP assignement Setting
Mac The mac address of the device
IP address The Ip address that need assign to

note : the follow are the example setting required on Mikrotik devices

dhcp_mik1[1] Make sure “Use RADIUS” is checked in the setting for the DHCP server under











[2] Make sure dhcp_mik2Radius server setting DHCP is checked.

under “RADIUS”








5.6 Radius Attribute

The Radius attribute let you assign additional vendor specific radius attribute to a specific plan. this is usefull if your NAS or device have a requirement of specific radius attribute to be send eg vlan tunnel , etc etc.









Field Function
Plan The Plan the attribute will be assign to
Attribute The attribute given , eg “Frame-Pool” for pool assignment
Operator := : add the item to the reply list.
= : Add item to reply list
*note refer to your vendor for the specific operator
Value Value of the attribute
Remark Remark

*Note: Please refer to your device vendor documentation for the correct attribute to be given.

5.7 VLAN restriction

The VLAN restriction module , let you apply policy to specific user account to be able to login to from specific location via the correspondent VLAN of the network.


Field Function
Available The current available vlan zone.
Restricted The restricted zone, that this restriction grouping will only be allowed to login from.
Group name The restricted group name.