Endian Firewall Reference Manual r. 2.2.1.9

Copyright (c) 2008 Endian srl, Italy.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".

Chapter 8: The Hotspot Menu

Select Hotspot from the menu bar at the top of the screen.

Endian Hotspot is a powerful hotspot that can be used for wireless connections as well as for wired LAN connections. The hotspot's captive portal will capture all connections passing through the BLUE zone, no matter what device they come from. Therefore the hotspot does not work if the BLUE zone is disabled.

The hotspot can be enabled or disabled by clicking on the main switch on this page. If the hotspot is enabled a link to its administration interface is shown. Clicking on the link opens a new browser window with the hotspot administration interface.
Although this interface shares its design with the firewall, it contains a whole new menu structure.

Hotspot

This section includes subpages to manage accounts, tickets and ticket rates. Statistics can be viewed as well as current and previous connections. Finally it is possible to change the hotspot's settings here.

Accounts

On this page it is possible to administer user accounts. By default a list of available accounts is shown. This list can be sorted by Username/MAC, Name, Creation date or by the date until which the user account is valid. It is also possible to reverse the sort order by checking Reverse Order and to Hide disabled accounts as well as to search for accounts. Pagination is also available if the number of results exceeds the number of results per page that has been defined in Hotspot, Settings.
Every user can be edited by clicking on the Edit link in his row (for details see Hotspot, Accounts, Add new account). Tickets can be added to accounts by clicking on the Add ticket link. It is also possible to view the balance and the connection log of an account by clicking on the Balance and Connections links respectively.

Add a new account

On this page you can create a new account or an existing account can be modified. The information is split into two parts: Login information and Account information. To create an account you can fill the following fields:

Login information

Username - In this field you have to enter the username.
Password - In this field you can enter the password for the new account. If you do not have the time to think of an adequate password just leave this field empty and the password will be autogenerated.
Valid until - The date until the account will be valid. If you want to change it you can either enter the new date manually or click on the ... button and select the new date from the calendar popup.
Active? - This checkbox specifies if the account is enabled or not. If this is ticked on the account is active. If you want to disable a user tick this checkbox off.
Language - Here you can select the user's native language if available. Otherwise English should be a good choice.
Bandwidth limiting - If you do not want to use default values here you can tick the checkbox and specify an upload and download limit for the account in kb/s.
Static IP address - If you want this account to always use the same IP address you can tick this checkbox and enter the IP address you want.

Account information

Title - The person's title (e.g. Mrs., Dr.)
Firstname - The user's first name.
Lastname - The user's last name.
Country - The country the user comes from.
City - The city or town the user comes from.
ZIP - The ZIP of the user's hometown.
Street - The street in which the user lives.
City of birth - The city or town in which the user was born.
Birthdate - The user's birthdate.
Document ID - The ID of the document that has been used to identify the user.
Document Type - The type of document that has been used to identify the user.
Document issued by - The issuer of the document (e.g. City of New York)
Description - Additional description for the account.

The account information is stored by clicking on the Save button below the form. When editing an existing user it is also possible to print the user information by clicking on the Print button.

On the right side of the screen you will notice the Tickets section. If you want to add a new ticket to the user just select the appropriate ticket-type and hit the Add button. Below you will notice a list of all tickets for this user with the following information:

Ticket Type - The type of the ticket
Creation date - The date on which the ticket has been created
Action - If the ticket has not yet been used you will be able to Delete it here by clicking on the appropriate link.
Add MAC-based account

This page is used just like the Hotspot, Accounts, Add new account page. The only difference is that for this type of accounts username and password are not needed. Instead the MAC-Address of a computer's network interface is entered and will be used to identify the account.

Import Accounts

It is possible to import accounts from a CSV (comma separated values) file. By clicking on the Browse.. button a file selection dialog is opened. After you have selected the file you can specify whether The first line of the CSV file contains the column titles by ticking or not ticking the checkbox. You should also add a Delimiter in the appropriate field. Usually a delimiter is either a semicolon (;) or a comma (,). If you do not specify a delimiter the system will automatically try to figure out which character has been used as the delimiter. To finally import the CSV file you must click on the Import accounts. button.

Export Accounts as CSV

When you click on this link a download dialog will be opened. The download is a CSV file that contains all the account data and can later be re-imported from the Hotspot, Accounts, Import Accounts page.

Quick Ticket

On this page you can create a new user account with a ticket of your choice already assigned. The username and password are automatically generated. All you have to do is click on the ticket rate you wish to use and the user will be created. The Username, Password and Rate are then displayed on the screen. It is also possible to print this information by clicking on the Print information button.

Ticket rates

Endian Firewall gives you the possibility to specify more than one ticket rate. You can even specify if you want a rate to be post-paid or pre-paid. It is also possible to create different rates for both types. This is useful if you want to sell different pre-paid types e.g. 4 pre-paid 15 minutes tickets should be more expensive than 1 pre-paid 1 hour ticket.
When opening the page a list with all defined ticket rates is shown. In this list you can see the different ticket rates, the following are the columns:

Name - The name you gave to the ticket rate.
Code - This is the ASA code for your ticket rate. Although this can be used only for the ASA hotel management system the field is mandatory.
Hourly Price - This is the hourly price you have specified.
Actions - Here you can choose to Edit or Delete a ticket rate by clicking on the respective link.

When editing or adding a ticket rate the Rate Name, Rate Code (ASA), Unit minutes (duration of one unit of this rate in minutes) and the Hourly price of this unit have to be specified. To save the ticket rate click on the Save button.
The price per unit is calculated from unit minutes and the hourly price.

Statistics

On this page you can see statistics about the hotspot usage and accounting information.

Filter Period

This is the standard view. It shows a list of accounts and the following data for each account:

Username - The username or MAC address of the account.
Amount used - The amount of money that has been used by this account.
Payed - The money that this user has already paid.
Duration - The duration that this user has been connected to the hotspot.
Traffic - The traffic that has been created by this account.

At the bottom of the page a summary over all accounts is shown.
At the top of the page it is possible to enter a start and an end date. By entering these dates into the From and Filter button the page will be reloaded with statistics between these two dates only.
Clicking on a username opens a page with details about the unpaid connections of this user. If a user pays, it is enough to enter the amount of money he paid into the Amount field and click on the Bill button. It is also possible to print these statistics by clicking on the >>> Print button.

Open Accounting Items

This page displays a list of statistics like Hotspot, Statistics, Filter Periods but with one additional column. The Amount to pay column shows the amount of money for each account that has not been paid yet.

Active Connections

On this page you can see all currently active connections on the hotspot. The list contains the following columns:

Username - The username of the connected account.
Description - The description of the connected account.
Authenticated - Shows whether the connection is authenticated or not.
Duration - The amount of time since this connection has been established.
IDLE Time - The amount of time that the account has been connected without packets from this account passing through the hotspot.
IP Address - The IP address that is connected to the hotspot.
MAC Address - The MAC address of the connected interface.
Action - Every active connection can be closed by clicking on the Close link in this column.

Connection Log

On this page it is possible to see and filter previous connections. Like in the Hotspot, Active Connections page the list contains various columns. The columns are:

Username - The username of the connection.
IP Address - The IP address that was used for the connection.
MAC Address - The MAC address of the connected interface.
Connection Start - The start time of the connection.
Connection Stop - The end time of the connection.
Download - The amount of data that has been downloaded during this connection.
Upload - The amount of data that has been uploaded during this connection.
Duration - The duration of the connection.

The list can be sorted by any of these columns by selecting the respective entry from the Sort by select box. The sort order can be reversed by ticking the Reverse Order checkbox. It is also possible to filter connections by entering a Start Date or an End Date in the respective fields an then clicking on the Filter button.
If more results than specified in Hotspot, Settings are found, pagination is enabled and you can browse through the pages by clicking on the First, Previous, Next and Last links above the list.

Export as CSV

The connection logs can be downloaded by clicking on the Export as CSV link. The download is in CSV format and contains all relevant information.

Settings

On this page it is possible to change the hotspot's settings. The page contains two subpages for System settings and settings regarding the different Languages.

System

This page consists of two subsections. The first subsection is called Global Settings. This subsection lets you define default values for connections as well as for the administration interface.

Homepage after successful login - This lets you specify which page to open after a user has logged in successfully.
Currency - Here you can specify the symbol of your currency.
Logout user on Idle-Timeout - In this dropdown you can select after how many minutes a user will be logged out when inactive.
Default account lifetime - Here you can enter the number of days an account will be valid by default.
Items per page - This value defines how many items will be displayed on each page in the hotspot administration interface.
Bandwidth limiting - This option lets you specify the default upload and download limits per user in kb/s. If these fields are left empty no limit is applied.

The second subsection is called Endian Hotspot API. If you want to integrate the hotspot of Endian Firewall into an already existing system of yours, you can set the parameters here.

Mode - Here you can choose whether your system uses Endian's Generic API/JSON interface or the ASA jHotel interface. The ASA jHotel interface is only needed by hotels that use the ASA jHotel hotel management software whereas the generic API can be implemented in other software systems.
The other options depend on the selection you made here.
API enabled - This option is only visible if you chose Generic API/JSON in the selectbox above. The API is enabled if this checkbox is ticked.
Accounting URL - This option is only visible if you chose Generic API/JSON in the selectbox above. The hotspot will send accounting information to this URL. If you do not want the hotspot to handle accounting you can leave this field empty.
Accounting URL requires HTTP Authentication - This option is only visible if you chose Generic API/JSON in the selectbox above. If the URL you provided above requires HTTP authentication you must tick this checkbox. Two new textfields will appear where you can enter the Username and Password respectively.
ASA jHotel Interface enabled - This option is only visible if you chose ASA jHotel in the selectbox above. By ticking this checkbox you can enable the ASA jHotel interface.
ASA jHotel URL - This option is only visible if you chose ASA jHotel in the selectbox above. Here you can enter the URL of your ASA jHotel interface.
Allow guest registration (SelfService) - This option is only visible if you chose ASA jHotel in the selectbox above. If the hotel guests should be able to register themselves this checkbox has to be ticked.
Guest registration default rate - This option is only visible if you chose ASA jHotel in the selectbox above. In this selectbox you can select the default rate that will be applied to new accounts.

Finally the options can be saved by clicking on the Save button.

Languages

On this page all language-dependent options can be set.
In the first section (Supported Languages) of this page it is possible to choose the Supported Languages for your hotspot. The languages must be selected in the multi-select box and then saved by clicking on the Store button.
In the second section (Templates) it is possible to modify the two templates (Welcome Page, Account Print) for every language. The language can be chosen in the Edit language selectbox whereas the template type can be selected from the Template selectbox. The Welcome Page template is presented to the user before logging in while the Account Print template is printed and handed out to the users after their registration.
The content of the templates can be changed with the help of a fully featured WYSIWYG (what you see is what you get) editor. In the Account Print template it is also possible to use placeholders which will then be replaced with real data when a user is registered.
The templates can be saved by clicking on the Store button below the editor.
The third section is called Strings and contains translations for strings that are used in the webinterface of the hotspot. The translations can be changed and new translations can be added. This is done by selecting the language from the Edit language selectbox and then filling out the textfields. The translations are saved by clicking on the Store button.

Account Print template placeholders:

$title - the title of the account holder
$firstname - the first name of the account holder
$lastname - the last name of the account holder
$username - the username of the account
$password - the password of the account

Dialin

On this page it is possible to see and manage the status of the uplinks like in the System, Home section.

Password

On this page you can change the password for the hotspot account. Just enter the password in the Password field and confirm it in the Again field. The password is stored after hitting the Save button.

Allowed sites

On this page you can define which sites should be accessible without being authenticated. You can also specify whether all IPs should be able to connect to the hotspot or just IPs that belong to the BLUE zone.
To allow connections from any IP it is necessary to tick the Enable AnyIP checkbox. Sites that can be accessed without authentication have to be entered in the textarea below. One site per line is allowed. A site can be a normal domain name or a string of the format protocol:IP[/mask]:port, e.g. www.endian.com or tcp:192.168.20.0/24:443.
The settings are stored after clicking on the Save button.