Open a web browser and log in to your pfSense Firewall interface.
Click Interfaces > Assignments on the top menu.
If you do not already have an interface for guest usage, create a new interface named GUEST with the available network port.
Take note of the MAC address of this interface; you'll need it later in this config. Click in to the GUEST interface to bring up the configuration screen. If this is an existing interface you may skip, else configure with:
Click Save to save.
Click Firewall > Rules on the top menu. Select the GUEST interface tab.
In order to allow pre-authentication traffic two rules must be created. Click the first Add button and configure with:
Click Save. Add another rule and configure with:
Click Save.
Click Services > DNS Resolver on the top menu. Ensure that the DNS resolver is enabled for the Network and Outgoing Network interfaces (either the GUEST interface or All interfaces) as the guest service requires this. Save and Apply if required.
Click Services > DHCP Server on the top menu. Under the GUEST tab, configure with:
Click Save.
Click System > User Manager on the top menu. Under the Authentication Servers tab, click Add and configure with:
Click Save and click Add. Configure with:
Click Save.
Click Services > Captive Portal on the top menu. Click Add and configure with:
Click Save and Continue and configure with:
Click Save. Next, click the Edit icon beside the newly created Captive Portal profile. Click the Allowed Hostnames tab and then Add. Add the required domains. Please refer to this list.
The configuration is now complete.