The Cipafilter portal is a Web site that acts as a central point for Web-based authentication and SSL certificate installation. It can be accessed manually from any client which is proxying through the Cipafilter via portal.cipafilter.com; some users may also be redirected to the portal automatically (for authentication or other purposes) depending on the settings specified on the Web Filtering
The latter feature is particularly useful for mobile devices accessing the network through an organization's "BYOD" (bring your own device) policy — by enabling the portal for these devices, you can ensure that mobile users are aware of your network usage policy and the need to trust your Cipafilter's root CA for an optimal experience when SSL decryption is enabled.
By default, a user logging into the portal will authenticate that user's IP address for 12 hours. This time-out period can be adjusted from the Authentication
section of the Web Filtering
page, or within the group configuration sections of the Group Permissions page.
Authentication is a key aspect of the portal system, but it is not required — by enabling guest access (via the Require / Guest
authentication mode), administrators can force users to the portal without actually requiring them to authenticate. This is useful if, for example, it is desired to show the network usage policy to all users.
The portal also provides an easy way for authorized personnel to re-authenticate with another account; this can be helpful if, for example, a teacher needs to use a computer which would otherwise be filtered according to the student policy.
Because clients are authorized by IP address, one user's authentication state can, in some configurations, carry over for the next user who accesses the same machine. One way to prevent this is to use the following log-out URL
in a log-on script or as the client's default browser home page:https://portal.cipafilter.com/?logout=true&request=http://google.com
This URL immediately deauthorizes the client and then redirects the browser to the Web site specified by the optional request
, in this example).
Lastly, the portal's SSL guides (available at portal.cipafilter.com/ssl
) provide detailed instructions for end users to trust the Cipafilter root CA, when one has been generated. The portal automatically detects the user's browser/platform and displays the appropriate guide.
Note: It is possible (and recommended) to install a custom certificate so that the captive portal can be reached via a different address than portal.cipafilter.com. For example, given the correct certificate, one could assign the portal the address portal.myschool.edu instead. See Portal Certificate
) for details.