The walled garden is a list of websites/domains that end-users are able to visit without being authenticated.
In order to correctly configure the PayPal online payments feature, it is necessary to add websites to the walled garden. The payment is directly performed on the PayPal website, and no credit card data is stored or processed in our Solution.
Detailed instructions for each supported vendor are provided below.
Aerohive Networks
Aruba Networks (Controller)
In the Configuration tab on the main page. Under Advanced Services, click Stateful Firewall and then choose the Destination tab. Then create a new destination profile.
After that, you can click the profile and specify all the domains included.
Then in the Configuration tab on the main page. Under Security, you have to click Authentication and then choose the L3 Authentication tab.
By clicking the name of a profile you can also configure the walled garden for your device. You must add all the domain profiles created in the previous step.
The domains to open are the following:
- paypal.com
- paypalobjects.com
Aruba Networks - IAP Mode
To configure the walled garden, it is necessary to edit your network in the web interface, move to the Access tab.
On the left, you have to define Role-based access rules. Then create your role and define your rules like below:
- Allow any to all destinations
- Allow any to domain cloud4wi.com
Then add one entry per domain that you want to whitelist.
Finally, check Assign pre-authentication role and select the rule just defined.
The domains to open are the following:
- paypal.com
- paypalobjects.com
Cambium Networks
You can configure the walled garden by opening Configure → WLAN in the navigation bar on the left and then going to the Guest Access tab.
Please note that it is mandatory to set the following entry: *.cloud4wi.com. Otherwise, the redirection to the Splash Page will not correctly work.
Then it is necessary to add the following domains:
- paypal.com
- *.paypal.com
- paypalobjects.com
- *.paypalobjects.com
Cisco (Controller)
This information is not available at the moment.
Cradlepoint
- *paypal.com
- *paypalobjects.com
DD-WRT
Deliberant
To set up the walled garden, you must first access the Configuration > Wireless section and scroll down until the White list section is visible. Then, it is necessary to add the following:
- paypal.com
- paypalobjects.com
Please don't forget that it is mandatory to add "cloud4wi.com".
Endian
In order to set up the walled garden, you must access the HotSpot Settings section in the HotSpot top menu, select the Enable Hotspot option and then fill the Allowed Sites / Access section.
The domains to open are the following:
- paypal.com
- paypalobjects.com
EnGenius (Captive Portal ready)
In order to configure the walled garden, it is necessary to enter the System > Hotspot Configuration page and then insert a whitespace-separated list of domains enclosed by quotation mark characters (" ") in the row where "HS_UAMALLOW" and "HS_UAMDOMAINS" attributes are.
Then you have to click Submit and reboot the device in menu System > Reboot.
The domains to open are the following:
- paypal.com
- paypalobjects.com
EnGenius (ezMaster cloud controller)
Click on the menu HotSpot Service and then on Captive Portal.
Then, please find the Walled Garden section your Captive Portal profile. Here you can set some hosts or a range of IP addresses that can be visited by end-users even without being authenticated. You must enter a value or a set of comma-separated values.
It is necessary to add the following domains:
- *.paypal.com
- *.paypalobjects.com
Extreme Networks (EWC controller)
Configure your "Cloud Computing" group in the role for unauthenticated users, as described here.
Then add the following domains in the Custom Web Applications list:
- *.paypal.com
- *.paypalobjects.com
Extreme Networks (Vx9000 - Wing 5.8.x)
In the Configuration → Service section in the Basic Configuration tab, by scrolling down the form, you can find other parameters as shown in the picture below.
The DNS Whitelist parameter allows you to set the walled garden, that is a list of websites/domains that end-users are able to visit even without logging in to the Splash Page.
To update your walled garden list, you have to click on the button (ffff) and then manage your entries as shown in the picture below
The domains to open are the following (please use ports 80 and 443):
- paypal.com
- paypalobjects.com
Fortinet
This information is not available at the moment.
Hewlett Packard (Cloud managed)
In Wireless Configuration > Networks, in the Security Tab, you can find the Walled Garden section. Here you can set the list of hosts or IP address ranges that are allowed to unauthenticated end-users.
The domains to open are the following:
- paypal.com
- paypalobjects.com
Hewlett Packard (MSM series)
Please click Public access > Attributes > Configure Attributes on the top menu, to see the list of the existing RADIUS profiles. Choose your profile and add one "ACCESS-LIST" attribute for each URL exception that you are going to create. The value of the attribute is the following:
cloud4wi,ACCEPT,all,WALLEDGARDEN_URL,all
The domains to open are the following:
- paypal.com
- paypalobjects.com
This means that the entries to add are:
Attribute | Value |
ACCESS-LIST | cloud4wi,ACCEPT,all,paypal.com,all |
ACCESS-LIST | cloud4wi,ACCEPT,all,paypalobjects.com,all |
Huawei
Please find the complete list of the domains:
- paypal.com
- *.paypal.com
- paypalobjects.com
- *.paypalobjects.com
Icomera Moovbox
This information is not available at the moment.
IgniteNet
After clicking the menu HotSpot (Site Menu → Configuration → Advanced Setup → HotSpot) you are redirected to a new page where you can create a new profile.
Please find here the section called Auth Exceptions (Walled garden). Here it is possible to set some hosts or a range of IP addresses that can be visited by end-users even without being authenticated. You must enter a value or a set of comma-separated values.
It is necessary to add the following domains:
- paypal.com
- paypalobjects.com
LigoWave VAC/LAC
In order to configure the walled garden, create access-rule for application in access policy. For this example, create access-rule with criteria to match domain-name of corresponding social website. Depending on customer location different domain and sub-domain need to be added under access rule.
The domains to open are the following:
- paypal.com
- paypalobjects.com
Click Rights > Rights > Access Rules and add new rule. See screenshot below showing procedure to add facebook domain for social login.
Below you can find a list containing some common domain names defined under Access Rules.
Click Rights > Rights > Access Policy to add a new Access Policy and select the corresponding Access rule in order to allow users to go to the website prior the authentication.
Click Rights > Rights > Rights Policy to assign newly created Access policy to your Splash Page. See below screenshot for reference.
Meraki
In order to properly redirect end-users to PayPal website, you must make a request to Meraki asking for the activation of the walled garden feature. This will allow to whitelist not only hostnames, but even IP address ranges (by using CIDR notation) and sub-domains (by using domain wildcards).
In case of PayPal, you must add the following entries, ordered by "provider":
- paypal.com
- *.paypal.com
- paypalobjects.com
- *.paypalobjects.com
Mikrotik
In the IP > HotSpot menu, open the Walled Garden tab and specify which sites the end-user will be able to visit without being authenticated.
It is mandatory to add the Splash Page URL to this list (see Mikrotik). Otherwise, the end-user will not be able to visit the authentication page. Furthermore, you must allow the following Dst. Host values:
The following is the complete list of rules to add:
Action | Dst. Host | Dst. Port |
---|---|---|
allow | splashportal.cloud4wi.com | |
allow | *.cloud4wi.com | |
allow | :^www\.paypal\.com$ | 443 |
allow | :^content\.paypalobjects\.com$ | 443 |
allow | *.akamaiedge.net | |
allow | paypal.112.2O7.net |
Mojo Networks
By clicking on Mojo Wireless Manager, you will be redirected to the Configuration page.
Open to the Device Configuration tab and then click on SSID Profiles, then click on Add New Wi-Fi Profile and finally on the Captive Portal section.
Here you can find the section called Walled garden Sites.
To add a new entry, click on Add and enter Destinations and Default Ports. Then click on OK.
Please note that it is mandatory to set an entry for "cloud4wi.com", in order to ensure that the end-user is properly redirected to the Splash Page.
The domains to open are the following (please use ports 80 and 443):
- paypal.com
- paypalobjects.com
Nomadix
It is possible to set the list of websites allowed also for unauthenticated end-users by accessing the Configuration > Passthrough Address Settings section. To enable this configuration it is necessary to check the Passthrough Addresses - Enable option.
Each URL can be added to this list by entering the correct value in the appropriate box and then clicking the Add button, and it must be entered without the http:// prefix (for example: www.facebook.com is correct; http://www.facebook.com/ is not correct).
To remove the URL that was previously added, you must re-enter it and then click the Remove button.
The domains to open are the following:
- paypal.com
- paypalobjects.com
Open-Mesh
In order to set up the Hotspot, it is necessary to access the SSID #1 section (or alternatively, the SSID #2 section) in the web interface and then add the Splash Page URL and all the necessary domains separated by commas, as indicated below.
The domains to open are the following:
- paypal.com
- paypalobjects.com
Peplink
Go to Network -> Captive Portal find the Portal Access Settings > Allowed Networks section.
Add here the walled gardens in the format of domain name, IP address, or Network. Each element should be added on a separate line.
Please note that it is mandatory to include cloud4wi.com.
The domains to open are the following:
- paypal.com
- paypalobjects.com
Power Cloud Systems
In the Walled Garden section, for the selected zone, it is possible to set some hosts or IP address ranges that can be visited by end-users even without being authenticated. Below is the correct configuration in order to support PayPal payments.
The domains to open are the following:
- paypal.com
- paypalobjects.com
Ruckus Cloud
If you are configuring a new network, click on Networks in the left sidebar, click on Add Network and find the Walled Garden input textarea.
If you are configuring an existing network, click on Networks in the left sidebar, find your network, click on the Edit Network button and find the Walled Garden input textarea.
The domains to enter are the following:
- paypal.com
- *.paypal.com
- paypalobjects.com
- *.paypalobjects.com
Ruckus Wireless - Controller Mode
Note:
It is strongly recommended to update devices to the last firmware version available: in fact, by using the version 9.8 or later of the firmware, it is possible to enter wildcard domains in the walled garden, making configuration easier.
The following information refers only to the firmware version 9.8 or later.
The walled garden can be configured by selecting the Configure tab in the main menu, accessing the Hotspot Service section and then selecting the Walled Garden subsection.
The domains to enter are the following:
- paypal.com
- *.paypal.com
- paypalobjects.com
- *.paypalobjects.com
Ruckus Wireless - Standalone Mode
This information is not available at the moment.
Ruckus Wireless SmartCell Gateway
By clicking the Configuration menu link, clicking on AP Zones and then WISPr (Hotspot) in the left sidebar, you can see the Walled Garden section.
The domains to enter are the following:
- paypal.com
- *.paypal.com
- paypalobjects.com
- *.paypalobjects.com
Samsung Controller
This information is not available at the moment.
Tanaza
In order to configure the walled garden, you must access the Configure > SSID page in the web interface and then click the name of the SSID that will be used as the HotSpot.
Then select the Wireless Security tab to add the domains to open in the Add custom domain/IP field.
The domains to open are the following:
- paypal.com
- paypalobjects.com
Teldat
This information is not available at the moment.
Teltonika
In the Walled Garden section, it is necessary to configure the following entries:
- paypal.com
- paypalobjects.com
Ubiquiti Networks – Controller
This information is not available at the moment.
Ubiquiti Networks – Standalone
This information is not available at the moment.
Wi-Next
In order to set up the walled garden, it is necessary to access the Services > Hotspot page in the web interface and add the domains in the Url allowed field.
The domains to open are the following:
- paypal.com
- paypalobjects.com
Xclaim
In order to configure the walled garden for social network providers, create an access-rule in the access policies. Depending on customer location different domain and sub-domain need to be added under access rule.
The domains to open are the following:
- paypal.com
- paypalobjects.com
Xirrus
In the Array AP you can find the WPR Whitelist Configuration section on SSID > SSID Management.
The domains to add are the following:
- paypal.com
- paypalobjects.com