System and method to configure a firewall for access to a captive network
US-10044677-B2 · Aug 7, 2018 · US
US2018324144A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018324144-A1 |
| Application number | US-201816031963-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jul 10, 2018 |
| Priority date | Nov 25, 2015 |
| Publication date | Nov 8, 2018 |
| Grant date | — |
Official abstract text for this publication.
An approach is proposed that contemplates a system and method to configure the firewall rules of a VPN gateway of a protected network so that users of devices in the protected network can access the Internet securely via a captive network. First, the proposed approach enables the VPN gateway to probe the captive network with an HTTP request to discover a captive portal of the captive network. After the captive portal is discovered, one or more firewall rules are added to the VPN gateway so that network traffic from the devices in the protected network is redirected to the captive portal for authentication. Once the users are authenticated and a VPN tunnel is established between the VPN gateway and a remote VPN tunnel terminal, the firewall rules previously added are removed from the VPN gateway and all network traffic from the devices in the protected network is routed over the VPN tunnel.
Opening claim text (preview).
What is claimed is:

1. A system to support dynamic firewall configuration for Internet access through a captive network, comprising: a network appliance serving as a VPN gateway of a protected network and configured to create and utilize one or more templates to identify a set of commonly-used captive portals to allow only URL requests from one or more devices in the protected network to access; add one or more firewall rules to allow network traffic from the one or more devices in the protected network to be automatically routed to one of the commonly-used captive portals once the captive portals are identified; redirect users of the one or more devices in the protected network attempting to access the Internet via the devices to the captive portal; establish a VPN tunnel between the VPN gateway and a remote VPN tunnel terminal point through the captive network over the Internet, wherein every device behind the VPN tunnel terminal point routes its traffic over the VPN tunnel; remove the firewall rules previously added so that all network traffic from the devices in the protected network is routed thereafter over the VPN tunnel once the VPN tunnel is established.
2. The system of claim 1, wherein: the captive network is a public Wi-Fi network that the users subscribe to or pay to access at a public location.
3. The system of claim 1, wherein: the network appliance is an x86 or ARM based device that is programmable, wherein the firewall rules are adjustable at runtime.
4. The system of claim 1, wherein: the captive portal is identified by one or more of IP address, DNS name, and a combination of attributes of an authorization server that runs the captive portal.
5. The system of claim 1, wherein: the VPN gateway is configured to conduct virus or malware scanning of all network traffic that comes to the captive portal.
6. The system of claim 1, wherein: the VPN gateway is configured to pre-scan the captive portal for specific URLs allowed to be accessed by the devices in the protected network.
7. The system of claim 1, wherein: the one or more templates utilized by the VPN gateway to identify the commonly-used captive portals are artificial intelligence (AI)-driven, wherein the templates predict the captive portals allowed and/or authorized to be accessed by the devices based on intelligence derived from sensory data collected from a variety of network environment sensors about the devices and/or their users.
8. The system of claim 7, wherein: each of the network environment sensors is configured to track one or more of properties, features and behaviors of one or more of the devices to be authorized to access the captive portal.
9. The system of claim 7, wherein: each of the network environment sensors is either a separate or an integrated component associated with one of the devices.
10. The system of claim 7, wherein: the sensory data collected by the network environment sensors about each of the devices and/or its user includes Wi-Fi hotspot search pattern and/or MAC address of the device.
11. The system of claim 7, wherein: the sensory data is further collected by another mobile device associated with a user of one of the devices, wherein the another mobile device transmits radio frequency (RF) signals.
12. The system of claim 7, wherein: the VPN gateway is configured to include a set of AI logic predicative of access control of the devices in the one or more templates based on the sensory data collected.
13. The system of claim 12, wherein: the VPN gateway is configured to automatically identify, authorize and track the devices and their users based on the AI-driven predicative templates.
14. The system of claim 1, wherein: the VPN gateway is configured to capture and replay communication of the devices with the captive portal in case the same captive portal is visited again.
15. The system of claim 1, wherein: the VPN gateway is configured to allow only one designated device in the protected network to access the captive portal before the VPN tunnel is established in order to leave the rest of the devices in the protected network secure.
16. The system of claim 15, wherein: the VPN gateway is configured to allow the captive portal to continue communication to only the designated device after the VPN tunnel has been established.
17. A method to support dynamic firewall configuration for Internet access through a captive network, comprising: creating and utilizing one or more templates to identify a set of commonly-used captive portals to allow only URL requests from one or more devices in the protected network; adding one or more firewall rules to allow network traffic from the one or more devices in the protected network to be automatically routed to one of the commonly-used captive portals for authentication once the captive portals are identified; redirecting users of the one or more devices in the protected network attempting to access the Internet via the devices to the captive portal; establishing a VPN tunnel between the VPN gateway and a remote VPN tunnel terminal point through the captive network over the Internet, wherein every device behind the VPN tunnel terminal point routes its traffic over the VPN tunnel; removing the firewall rules previously added so that all network traffic from the devices in the protected network is routed thereafter over the VPN tunnel once the VPN tunnel is established.
18. The method of claim 17, wherein: the VPN gateway runs on a programmable network appliance, wherein the firewall rules are adjustable at runtime.
19. The method of claim 17, further comprising: identifying the captive portal by one or more of IP address, DNS name, and a combination of attributes of an authorization server that runs the captive portal.
20. The method of claim 17, further comprising: conducting virus or malware scanning of all network traffic that comes to the captive portal.
21. The method of claim 17, further comprising: pre-scanning the captive portal for specific URLs allowed to be accessed by the devices in the protected network for authentication.
22. The method of claim 17, wherein: the one or more templates utilized to identify the commonly-used captive portals are artificial intelligence (AI)-driven, wherein the templates predict the captive portals allowed and/or authorized to be accessed by the devices based on artificial intelligence derived from sensory data collected from a variety of network environment sensors about the devices and/or their users.
23. The method of claim 22, further comprising: tracking one or more of properties, features and behaviors of one or more of the devices to be authorized to access the captive portal via the network environment sensors.
24. The method of claim 22, further comprising: collecting the sensory data by another mobile device associated with a user of one of the devices, wherein the another mobile device transmits radio frequency (RF) signals.
25. The method of claim 22, further comprising: including a set of AI logic predicative of access control of the devices in the one or more templates based on the sensory data collected.
26. The method of claim 25, further comprising: automatically identifying, authorizing and tracking the devices and their users based on
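The rule lifecycle from the abstract and claims 1, 4, 15 and 16 (probe, discover the portal, add temporary rules that expose only one designated device, then swap them for a route-everything-over-the-tunnel rule) as an added, self-contained Python simulation; this is illustrative code written for this page, not the patent's or any vendor's implementation, and the `Rule`/`Gateway` classes, the HTTP status codes treated as portal redirects and the sample addresses are all assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlsplit

@dataclass
class Rule:
    src: str      # source device address in the protected network, or "any"
    dst: str      # destination host, or "any"
    action: str   # "redirect" (to the portal), "allow", "tunnel" or "drop"
    tag: str      # lets the gateway later remove only the rules it added itself

@dataclass
class Gateway:
    designated: str                  # claim 15: the one device allowed to reach the portal
    rules: List[Rule] = field(default_factory=list)
    portal: Optional[str] = None
    tunnel_up: bool = False

    def probe(self, status: int, location: Optional[str], probe_host: str) -> Optional[str]:
        """Interpret the reply to the HTTP probe: a redirect to a host other than the probe
        target means a captive portal intercepted the request; record its DNS name (claim 4)."""
        if status in (301, 302, 303, 307) and location:
            host = urlsplit(location).hostname
            if host and host != probe_host:
                self.portal = host
        return self.portal

    def add_portal_rules(self) -> None:
        # Only the designated device is sent to the portal; every other device stays blocked.
        self.rules = [Rule(self.designated, "any", "redirect", "captive"),
                      Rule("any", "any", "drop", "captive")]

    def establish_tunnel(self) -> None:
        # Tunnel is up: remove the temporary captive rules, keep a pinhole so the portal can
        # keep talking to the designated device only (claim 16), route all else over the VPN.
        self.tunnel_up = True
        self.rules = [r for r in self.rules if r.tag != "captive"]
        if self.portal:
            self.rules.append(Rule(self.designated, self.portal, "allow", "vpn"))
        self.rules.append(Rule("any", "any", "tunnel", "vpn"))

    def decide(self, src: str, dst: str) -> str:
        """First matching rule wins; with no rules installed the gateway fails closed."""
        for r in self.rules:
            if r.src in ("any", src) and r.dst in ("any", dst):
                return r.action
        return "drop"
```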
Classification (CPC titles):
- Involving tunnels, e.g. MPLS
- Firewall traversal, e.g. tunnelling or creating pinholes
- WLAN [Wireless Local Area Networks]
- Virtual LANs, VLANs, e.g. virtual private networks [VPN] (LAN interconnection over a bridge based backbone H04L12/462; encapsulation techniques H04L12/4633; routing of packets H04L45/00; packet switches H04L49/00; virtual private networks for security H04L63/0272)
- Rule management