Glossary

Walled Garden

A walled garden, in captive-portal networking, is the allow-list of domains and IP addresses an unauthenticated guest device can reach before signing in - typically the splash page itself plus any social-login, payment, or asset domains the portal needs.

In captive-portal networking, a walled garden is the short allow-list of destinations a guest device can reach before it has signed in. Everything outside the list is blocked or redirected to the splash page. Without a walled garden the portal could not work at all: the guest has no internet yet, but their browser still needs to load the sign-in page and everything that page depends on.

What belongs in the walled garden

  • The portal itself - the domain serving the splash page, plus any CDN hosting its images, fonts and scripts.
  • Social login providers - the OAuth and asset domains for Facebook, Google and others, so social login can complete pre-authentication.
  • Payment gateways - Stripe or similar, when the portal sells paid WiFi plans.
  • Supporting services - real-time email validation APIs, the venue's privacy policy host, and terms pages.

Common failure modes

Most "broken portal" tickets are walled-garden gaps: the social login button spins forever (provider domain missing), the page loads without images (CDN missing), or card payment fails (gateway missing). Providers periodically change their domains, so social login that worked at install can break months later until the allow-list is updated. When debugging a portal, checking the walled garden comes first.

The other meaning of the term

Outside networking, "walled garden" describes closed platform ecosystems (an app store that controls what runs on a device, for example). The captive-portal usage is narrower and purely technical: a pre-authentication allow-list on a captive portal network.

Related

Related terms

Try CaptiFi free for 30 days

Capture guest emails, run automated email/SMS campaigns, and grow Google reviews - all from your existing WiFi.