Page 13 of 1313.4.2 Captive Portal (Crew Internet Access) DisabledIn order to use the router for web browsing without XWeb service, you must firstmodify the firewall to allow traffic. See Section 8.3 for details.With the firewall openand both the CaptivePortal and TransparentProxy disabled bydefault, any user onthe local network canbrowse the webwithout restrictions,limits, or, compression.All traffic goes straightto the Internet withoutany filtering.If you ENABLETransparent Proxy youcan apply somefiltering of content andwhitelist or blacklistdomains and URLs.With TransparentProxy ENABLED, datacan then take one ofthree paths:1. Non-http trafficbypasses the internalproxy server and goesstraight to the Internet:https, dns lookups, ftp,ping, scp, etc. Sincethe firewall rules are totally open there is nothing blocking full access to the Internet. You canlimit a user's access by Enabling the Captive Portal. See Chapter 5.1.2 for details.2. Traffic to a Whitelisted Host (See Section 5.2.2), including http, goes straight to the Internet,bypassing the internal proxy server. If you whitelist a webserver, that traffic goes straight to theInternet, bypassing the internal proxy server, so there is no filtering. Typically you would notwant to whitelist a webserver; however, you may want to whitelist a mail server, or a vpn. SeeChapter 5.1.1.3 for details.
