Walled garden for PayPal feature (web sites/domains to open)

Follow

The walled garden is a list of web sites/domains that end-users are able to visit without being authenticated.
To correctly configure the PayPal online payments feature, you must add the following domains in the Walled Garden. The payment is directly performed on the PayPal website, and no credit card data is stored or processed in our Solution.

Detailed instructions for each supported vendor are provided below.

 

Aerohive Networks

This information is not available at the moment.
 

Aruba Networks (Controller)

In the Configuration tab in the main page. Under Advanced Services, click Stateful Firewall and then choose the Destination tab. Then create a new destination profile.

After that you can click the profile and specify all the domains included.

Then in the Configuration tab on the main page. Under Security you have to click Authentication, and then choose the L3 Authentication tab.
By clicking the name of a profile you can also configure the walled garden for your device. You must add all the domain profiles created in the previous step.

The domains to open are the following:

  • paypal.com
  • paypalobjects.com

 

Aruba Networks - IAP Mode

To configure the walled garden, it is necessary to access the Edit Captive WiFi > Security page in the web interface and then click the link next to the Walled garden label.

After that, add the domains to open under the Whitelist text box.



The domains to open are the following:

  • paypal.com
  • paypalobjects.com

Cisco (Controller)

This information is not available at the moment.

Cradlepoint

Please go in the main page of your local AP interface or the Cradlepoint ECM and click the System Settings menu dropdown. Then choose your hotspot service, scroll down to Allowed hosts/domains prior to Authentication and click on Add in order to insert a new domain.
 
it is necessary to add the following domains:
  • *paypal.com
  • *paypalobjects.com

DD-WRT

This information is not available at the moment.

Deliberant

To set up the Walled Garden, you must first access the Configuration > Wireless section and scroll down until the White list section is visible. Then, it is necessary to add the following:

  • paypal.com
  • paypalobjects.com

Please don't forget that it is mandatory to add "cloud4wi.com".

Endian

In order to set up the walled garden, you must access the HotSpot Settings section in the HotSpot top menu, select the Enable Hotspot option and then fill the Allowed Sites / Access section.

The domains to open are the following:

  • paypal.com
  • paypalobjects.com

 

EnGenius

In order to configure the walled garden it is necessary to enter the System > Hotspot Configuration page and then insert a whitespace-separated list of domains enclosed by quotation mark characters (" ") in the row where "HS_UAMALLOW" and "HS_UAMDOMAINS" attributes are.
Then you have to click Submit and reboot the device in menu System > Reboot.

The domains to open are the following:

  • paypal.com
  • paypalobjects.com

 

Hewlett Packard (Cloud managed)

In Wireless Configuration > Networks, in the Security Tab, you can find the Walled Garden section. Here you can set the list of hosts or IP address ranges that are allowed to unauthenticated end-users.

The domains to open are the following:

  • paypal.com
  • paypalobjects.com

 

Hewlett Packard (MSM series)

Please click Public access > Attributes > Configure Attributes on the top menu, to see the list of the existing RADIUS profiles. Choose your profile and add one "ACCESS-LIST" attribute for each URL exception that you are going to create. The value of the attribute is the following:

cloud4wi,ACCEPT,all,WALLEDGARDEN_URL,all

The domains to open are the following:

  • paypal.com
  • paypalobjects.com

This means that the entries to add are:

Attribute Value
ACCESS-LIST cloud4wi,ACCEPT,all,paypal.com,all
ACCESS-LIST cloud4wi,ACCEPT,all,paypalobjects.com,all

 

Icomera Moovbox

This information is not available at the moment.

 

LigoWave VAC/LAC

In order to configure “Walled Garden” for social network, create access-rule for application in access policy. For this example, create access-rule with criteria to match domain-name of corresponding social website. Depending on customer location different domain and sub-domain need to be added under access rule.

The domains to open are the following:

  • paypal.com
  • paypalobjects.com


Click Rights > Rights > Access Rules and add new rule. See screenshot below showing procedure to add facebook domain for social login.

Below screenshot list some common domain names defined under Access Rules.

Click Rights > Rights > Access Policy to add a new Access Policy and select corresponding Access rule that will allow user to website prior pre-authentication.

Click Rights > Rights > Rights Policy to assign newly created Access policy to your Splash Portal. See below screenshot for reference.

 

Meraki

In order to properly redirect end-users to PayPal web site, you must make a request to Meraki asking for the activation of the Walled Garden feature. This will allow to open not only host-names to end-users, but even IP address ranges (by using CIDR notation) and sub-domains (by using domain wildcards).

After the activation of this feature, a tip below the "Walled Garden" input will indicate the right syntax to enter new domains.


In case of PayPal, you must add the following entries, ordered by "provider":

  • paypal.com
  • *.paypal.com
  • paypalobjects.com
  • *.paypalobjects.com

 

Mikrotik

In the IP > HotSpot menu, open the Walled Garden tab and specify which sites the end-user will be able to visit without being authenticated.
It is mandatory to add the Splash Portal URL into this list (as described in the article Mikrotik devices and Cloud4Wi), otherwise the end-user will not be able to visit the authentication page.

The following is the complete list of rules to add:

ActionDst. HostDst. Port
allow splashportal.cloud4wi.com  
allow *.cloud4wi.com  
allow :^www\.paypal\.com$ 443
allow :^content\.paypalobjects\.com$ 443
allow *.akamaiedge.net  
allow paypal.112.2O7.net  


Nomadix

It is possible to set the list of web sites allowed also for unauthenticated end-users by accessing the Configuration > Passthrough Address Settings section. To enable this configuration it is necessary to check the Passthrough Addresses - Enable option.
Each URL can be added to this list by entering the correct value in the appropriate box and then clicking the Add button, and it must be entered without the http:// prefix (for example: www.facebook.com is correct; http://www.facebook.com/ is not correct).
To remove the URL that was previously added, you must re-enter it and then click the Remove button.
The domains to open are the following:

  • paypal.com
  • paypalobjects.com



Open-Mesh

In order to set up the Hotspot, it is necessary to access the SSID #1 section (or alternatively, the SSID #2 section) in the web interface and then add the Splash Portal URL and all the necessary domains separated by commas, as indicated below. You must select Chillispot Compatible checkbox.


The domains to open are the following:

  • paypal.com
  • paypalobjects.com

 

Power Cloud Systems

In the Walled Garden section, for the selected zone, it is possible to set some hosts or IP address ranges that can be visited by end-users even without being authenticated. Below is the correct configuration in order to support PayPal payments.
The domains to open are the following:

  • paypal.com
  • paypalobjects.com




Ruckus Wireless - Controller Mode

Note:
It is strongly recommended to update devices to the last firmware version available: in fact, by using the version 9.8 or later of the firmware, it is possible to enter wildcard domains in the walled garden, making configuration easier.
The following information refers only to the firmware version 9.8 or later.

The walled garden can be configured by selecting the Configure tab in the main menu, accessing the Hotspot Service section and then selecting the Walled Garden subsection.

The domains to enter are the following:

  • paypal.com
  • *.paypal.com
  • paypalobjects.com
  • *.paypalobjects.com

 

Ruckus Wireless - Standalone Mode

This information is not available at the moment.

Ruckus Wireless SmartCell Gateway

By clicking the Configuration menu link, clicking on AP Zones and then WISPr (Hotspot) in the left sidebar, you can see the Walled Garden section.
The domains to enter are the following:

  • paypal.com
  • *.paypal.com
  • paypalobjects.com
  • *.paypalobjects.com

Samsung Controller

This information is not available at the moment.

Tanaza

In order to configure the walled garden, you must access the Configure > SSID page in the web interface and then click the name of the SSID that will be used as the HotSpot.
Then select the Wireless Security tab to add the domains to open in the Add custom domain/IP field.

The domains to open are the following:

  • paypal.com
  • paypalobjects.com

Teldat

This information is not available at the moment.

Ubiquiti Networks

This information is not available at the moment.

Wi-Next

In order to set up the Walled Garden, it is necessary to access the Services > Hotspot page in the web interface and add the domains in the Url allowed field.
The domains to open are the following:

  • paypal.com
  • paypalobjects.com

 

Xclaim

In order to configure “Walled Garden” for social network, create access-rule for application in access policy. Depending on customer location different domain and sub-domain need to be added under access rule.

The domains to open are the following:

  • paypal.com
  • paypalobjects.com

 

Xirrus

In the Array AP you can find the WPR Whitelist Configuration section on SSID > SSID Management.

The domains to add are the following:

  • paypal.com
  • paypalobjects.com
Have more questions? Submit a request

Comments