When a captive portal is enabled on a network, a user trying to access that network will first be directed to a web page. That web page, at a minimum, will usually require the user to agree to the terms of service for a network, and may require some form of authentication. Although captive portals can be used with both wired and wireless networks, they are more commonly used to provide a gateway to a wireless network.

Implementing a captive portal is potentially beneficial for several reasons. First, they provide an easy way of separating guest traffic from other network traffic, thus keeping guests away from sensitive company data. Second, we can collect data on individual captive portal users, making it easy to identify users that are over-utilizing resources (for example, users downloading large files or constantly streaming video). The captive portal page is a good place to put your End User Licence Agreement (EULA); a captive portal user's assent to such an agreement potentially protects you or your company from legal liability. Finally, a captive portal page can be a good way to market your company's product to customers. You can place special offers on this page, as well as links to your company's social media pages.

pfSense provides several ways of implementing a captive portal on your network. You can have a captive portal page that does not require authentication. You can also perform authentication through either vouchers or the User Manager. Finally, you can perform authentication through a separate RADIUS server.