Portal - Cipafilter Documentation

Manual - Portal

The Cipafilter portal is a Web site that acts as a central point for Web-based authentication and SSL certificate installation. It can be reached manually at portal.cipafilter.com from any client that is proxying through the Cipafilter; some users may also be redirected to the portal automatically (for authentication or other purposes) depending on the settings specified on the Web Filtering page.

The latter feature is particularly useful for mobile devices accessing the network through an organization's "BYOD" (bring your own device) policy — by enabling the portal for these devices, you can ensure that mobile users are aware of your network usage policy and the need to trust your Cipafilter's root CA for an optimal experience when SSL decryption is enabled.

By default, when a user logs in to the portal, that user's IP address is authenticated for 12 hours. This time-out period can be adjusted from the Authentication section of the Web Filtering page, or within the group configuration sections of the Group Permissions page.

Authentication is a key aspect of the portal system, but it is not required — by enabling guest access (via the Require / Guest authentication mode), administrators can force users to the portal without actually requiring them to authenticate. This is useful if, for example, it is desired to show the network usage policy to all users.

The portal also provides an easy way for authorized personnel to re-authenticate with another account; this can be helpful if, for example, a teacher needs to use a computer which would otherwise be filtered according to the student policy.

Because clients are authorized by IP address, one user's authentication state can, in some configurations, carry over for the next user who accesses the same machine. One way to prevent this is to use the following log-out URL in a log-on script or as the client's default browser home page:


This URL immediately deauthorizes the client and then redirects the browser to the Web site specified by the optional request variable (http://google.com/, in this example).
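
The carry-over described above can be seen in a small model, added here as an illustration and not Cipafilter's own code. It assumes authorization is keyed only by client IP with the default 12-hour time-out, and uses None to mean the request is treated as unauthenticated; the class, function names, IP address and timeline are constructed for the example.

```python
DEFAULT_TIMEOUT_S = 12 * 3600  # default portal time-out stated on this page


class IpAuthTable:
    """Toy model (assumption): authorization state keyed only by client IP."""

    def __init__(self, timeout_s=DEFAULT_TIMEOUT_S):
        self.timeout_s = timeout_s
        self.entries = {}  # ip -> (account, expiry time in seconds)

    def login(self, ip, account, now):
        self.entries[ip] = (account, now + self.timeout_s)

    def logout(self, ip):
        # Models the log-out URL: the requesting client is deauthorized at once.
        self.entries.pop(ip, None)

    def account_for(self, ip, now):
        account, expiry = self.entries.get(ip, (None, 0))
        if account is not None and now >= expiry:
            del self.entries[ip]  # time-out reached: entry no longer valid
            return None
        return account


def replay(events, timeout_s=DEFAULT_TIMEOUT_S):
    """Replay (time_s, ip, action, arg) events in time order.

    Returns (who is at the keyboard, account the request was filtered as).
    """
    table = IpAuthTable(timeout_s)
    seen = []
    for now, ip, action, arg in sorted(events, key=lambda e: e[0]):
        if action == "login":
            table.login(ip, arg, now)
        elif action == "logout":
            table.logout(ip)
        elif action == "request":
            seen.append((arg, table.account_for(ip, now)))
    return seen


# Constructed timeline for one shared lab machine (times in seconds).
LAB_PC, H = "10.0.5.21", 3600
WITHOUT_LOGOUT = [
    (0, LAB_PC, "login", "teacher"),
    (1 * H, LAB_PC, "request", "student at keyboard"),
    (13 * H, LAB_PC, "request", "student next morning"),
]
# Same timeline, but a log-on script hits the log-out URL before the student browses.
WITH_LOGOUT = WITHOUT_LOGOUT + [(1 * H - 1, LAB_PC, "logout", None)]
```

In the first timeline the student's request one hour after the teacher's log-in is still filtered as the teacher; with the log-out step, or once the time-out has passed, it is not.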

Lastly, the portal's SSL guides (available at portal.cipafilter.com/ssl) provide detailed instructions for end users to trust the Cipafilter root CA, when one has been generated. The portal automatically detects the user's browser/platform and displays the appropriate guide.

Note: It is possible (and recommended) to install a custom certificate so that the captive portal can be reached via a different address than portal.cipafilter.com. For example, given the correct certificate, one could assign the portal the address portal.myschool.edu instead. See Portal Certificate (under Customization) for details.
