dom

Just to update this. I understand the reason behind this is to allow the captive portal to function. However, this should only apply when a captive portal is selected and then only allowing http(s). As the scan and any attempts on the AP are not logged via the cloud (That I could see) default blocking would make more sense.

Thank you very much for your response. I understand the route you have taken with regards to the Layer 2 but I think a better approach would have been to block everything unless a captive portal was specified in which case there is a valid reason to turn on. I will follow up on the forward link. I suspect I will have to…