MikroTik Captive Portal/Radius Client behind Firewall

I currently have 8 remote offices where I am planning to put pfSense firewalls in place which provide Point-2-Point VPN connectivity to central office and DHCP/DNS at each location.

I was looking at using pfSense captive portal/radius client features but have been told that MikroTik is a much better solution.

Before I buy a device I would like to know which I should buy which would best fit my enviroment.

Can I use the MikroTik device as a Captive Portal/Radius client behind an existing network which already has DHCP provided by the existing firewall?

Ex.

Dumb Access Point (No security enabled) Connected to MikroTik device on Eth port. This port is set to make all connections go to Captive Portal page and auth against central Radius outside of network. DHCP to be handled by existing firewall.

Mikrotik device would be connected to firewall via switch so all devices would be on same subnet…

I am hoping it is very easy to do a proof of concept for my customer.

Which device should I get?
Is there a tutorial for this kind of setup?
I have been a pfSense user for many years but am interested in exploring the other options which are available.

Thanks,

Mark

The captive portal has to be the first layer three hop for the client, but anything could provide DHCP either directly connected or via relay. It’s hard to recommend a product without more specs such as required user counts and bandwidth.

each location has between 20-30 wireless users. Wifi access is for employees with laptops who need access to internet and network resources. Each location has from ADSL 768/6Mbit to T1 1.5 Mbit. Local network is 10/100.

Thanks,

Mark

Can anyone make a recommendation?

Hardware wise a 750G can do that. I’d get a 450G though - more pricey, but I’ve saved a lt of time and money in my life by having console ports available.