Block user to access cnmaestro on premises

Hello to everyone. We have the following issue. A policy on a implemented network is not allow the wireless users (VLAN B) to have access on cnmaestro on premises network (VLAN A). We created an access list on router side and easily we blocked this type of traffic. The problem is that now we have a request from our client side to make use of a captive portal with vouchers support. Of course cnmaestro on premises has this feature on board but at the same type we should remove the router’s access list in order to open the portal splash page. Is there any way to have portal’s spash page and at the same time to block users network to have access on the cnmaestro network ?

Block traffic on the SSID access list

If we block access on ssid , splash page will be blocked too…

Well, on the firewall you have to make a rule that blocks vlan to vlan traffic but allows traffic to one address and port on which cnamestro is standing.
Unfortunately, there is currently no way to create a separate ip address for the splash page.

I believe that this could not be done, because splash page and cnmaestro url access share the same combination of ip/port. So if i block to my users to having access on cnmastro UI i blocked the splash page too…

Haven’t tried this - just throwing things out there - what about a reverse proxy to a specific url (i.e the splash page)?