Firewall or Walled Garden

What is the difference between the firewall and walled garden? Is the walled garden the firewall for hotspot access? I am having trouble with one customer saying he needs access to certain subnets and ports for work. Do I need to allow access in the firewall or the walled garden or both?

A Hotspot redirects all HTTP traffic to itself, and essentially proxies it. When you add rules for URLs, domain names, and resources under “/ip hotspot walled-garden” you’re telling that proxy process that if it sees requests for those resources it should fetch them even if the client isn’t logged in. If what the customer needs access to in an unauthenticated state is described in layer 7 information such as URLs (“http://www.google.com”) then you should enter rules there.

When you enter rules under “/ip hotspot walled-garden ip” allowing access to resources by IP address or port (all tcp/25, or tcp/1.1.1.1:80) the Hotspot actually creates dynamic firewall filter rules permitting access in the Hotspot chains. You can look at them via “/ip firewall filter print all” after entering such walled garden entries. If what the customer needs access to in an unauthenticated state is described in layer 3/4 information such as IPs and ports then you should enter rules there.

In neither case should you add firewall rules.
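The two kinds of entry described in the answer above, as an added RouterOS example that is not part of the original posts. The host name, subnet, ports and comments are constructed placeholders (documentation ranges); substitute only the specific destinations the customer actually needs, since everything listed here is reachable without logging in.

```routeros
# Layer 7 entry: handled by the Hotspot's HTTP proxy process.
# Unauthenticated clients may fetch this host over HTTP only.
/ip hotspot walled-garden
add dst-host=intranet.example.com dst-port=80 action=allow \
    comment="constructed example: work portal, pre-login"

# Layer 3/4 entries: the Hotspot turns these into dynamic firewall
# filter rules in its own chains. Keep them to one subnet and one
# port per entry rather than opening a whole protocol.
/ip hotspot walled-garden ip
add dst-address=192.0.2.0/24 protocol=tcp dst-port=443 action=accept \
    comment="constructed example: work subnet, HTTPS"
add dst-address=198.51.100.10 protocol=tcp dst-port=22 action=accept \
    comment="constructed example: single host, SSH"

# Review what is now exempt from Hotspot authentication.
/ip hotspot walled-garden print
/ip hotspot walled-garden ip print

# Confirm the dynamic rules the Hotspot generated (command from the
# answer above); no manual firewall filter rules are added.
/ip firewall filter print all
```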

Thanks.