When the Captive Portal is in Bridge Mode and attached to a WAN interface (ETH00), does that mean the clients of all the other Ports (ETH01, ETH02, ETH03, VPN99 ext…) will have to log into the Captive Portal to have access to the Internet?
SIDD (GUEST) is unencrypted, the Captive Portal is attached to its interface (ETH0?) and User accounts are already setup.
Once a WLAN client authenticates through the Captive Portal, is their Browsing Secure (Encrypted)?
Is FTP (Port 21) or any other un-encrypted communication secured, since the user has already authenticated and a certificate has been passed between server and client?
The captive portal gateway uses TLS/SSL to create an encrypted tunnel to transport the username and password involved during the authentication process. After this step, all traffic is not encrypted.
If you want your wireless traffic is encrypted you should set the access points to use WPA/WPA2.