Understanding Policy Groups

Policy Groups are one of the most powerful features within your CT dashboard. Combined with zones, they offer a simple, intuitive way to control access to your networks.

Policy Groups are a simple way to manage who can and can't connect to your WiFi.

Watch the video guide to learn more about policy groups here.

Once you've seen the video, learn what you can do with them.

Use Cases

Creating a policy to allow specific MAC addresses

If you're looking to block everyone and allow only your selected clients, create a whitelist firewall (layer3) policy and add your networks.

Head over to your clients and select the ones you want to add. To bulk add clients, you can use the API to create. The documentation for this can be found  here.

If none of your clients have connected, it's also possible to manually create them. Simply click the plus icon on the clients page and enter their mac address. You can also do this using the API. The docs for this are  here.

Please note, you should always protect your networks with a WPA2 password. Don't just rely on your whitelists.

Creating a policy to block clients from a network

If you want to disconnect and block a client from your network, create a blacklist policy and add the client to this policy. You cannot create a whitelist policy on the WiFi level.

A layer2 (wireless) policy will prevent the client from connecting to the physical WiFi network. A layer3 (firewall) policy will allow them to connect to the WiFi but not use the Internet or connect to other devices. We favour creating layer2 policies for this kind of rule.

Whitelisting Splash Clients

If you want specific clients to bypass your splash pages, you can create a rule that does this too. Simply create a policy group and assign the splash policy whitelist to it. 

You can also do this directly from the client's page. This will create a rule if you don't already have one. If you've already created a splash whitelist, it will add them to the group.

Viewing Clients in a Group Policy 

To view your clients, use the group policy filtering tool on the clients page. You can choose to display the policy each client is connected to by using the column select tool.

Technical Details and Gotchas

After you create a policy, it will not apply until you have added one or more clients. As soon as you add a client to a policy, your associated networks will be restarted. If you're connected to the network, you will be disconnected too.