Channel: Fortinet Cookbook

Captive portal WiFi access control


In this recipe, you will configure the FortiGate for captive portal access so users can log on to your WiFi network.

You will create a user account (rgreen), add it to a user group (employees), create a captive portal SSID (example-staff), and configure a FortiAP unit. When the user attempts to browse the Internet, they will be redirected to the captive portal login page and asked to enter their username and password.

1. Creating the user

Go to User & Device > User Definition and create a Local user (rgreen).

Create additional users if needed, and assign any authentication methods.

2. Creating the user group

Go to User & Device > User Groups and create a user group (employees).

Add rgreen to the group.

3. Creating the SSID

Go to WiFi Controller > SSID and configure the wireless network.

Enter an Interface Name (example-wifi) and IP/Network Mask.

An address range under DHCP Server will be automatically configured.

Under WiFi Settings, enter an SSID name (example-staff), set Security Mode to Captive Portal, and add the employees user group.

4. Creating the security policy

Go to Policy & Objects > Addresses and create a new address for the SSID (example-wifi-net).

Set Subnet/IP Range to the same range set on the DHCP server in the previous step.

Set Interface to the SSID interface.

Go to Policy & Objects > IPv4 Policy and create a new policy for WiFi users to connect to the Internet.

Add both the example-wifi-net address and employees user group to Source.

5. Connecting and authorizing the FortiAP

Go to Network > Interfaces and edit an available interface.

Configure the interface so it is dedicated to extension devices, and assign it an IP address.

Connect the FortiAP unit to the configured interface, then go to WiFi Controller > Managed FortiAPs.

The FortiAP is listed, but its State shows a greyed-out question mark — this is because it is waiting for authorization.

Highlight the FortiAP and select Authorize.

The question mark is now replaced by a red down-arrow — this is because it is authorized, but still offline.

Go to WiFi Controller > FortiAP Profiles and edit the profile.

For each radio, enable Radio Resource Provision and select your SSID.

Go back to WiFi Controller > Managed FortiAPs to verify that the FortiAP unit is online.

6. Results

When a user attempts to connect to the wireless network, they will be redirected to the captive portal login screen.

Members of the employees group must enter their Username and Password. The user will then be redirected to the URL originally requested.

On the FortiGate, go to Monitor > WiFi Client Monitor to verify that the user is authenticated.
Some FortiGate models may show the GUI path as WiFi & Switch Controller.
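
Steps 1 to 4 of this recipe expressed as FortiOS CLI configuration, as an added example that is not part of the original recipe. The subnet 10.10.110.0/24, the Internet-facing interface wan1, the policy name wifi-to-internet and the `<password>` placeholder are assumptions; lines starting with # are annotations for the reader, and the SSID interface IP and DHCP range from step 3 are left to the GUI.

```fortios
# Step 1: local user. <password> is a placeholder, not a real value.
config user local
    edit "rgreen"
        set type password
        set passwd <password>
    next
end

# Step 2: user group containing the user.
config user group
    edit "employees"
        set member "rgreen"
    next
end

# Step 3: captive portal SSID, login restricted to the employees group.
config wireless-controller vap
    edit "example-wifi"
        set ssid "example-staff"
        set security captive-portal
        set selected-usergroups "employees"
    next
end

# Step 4: address object bound to the SSID interface (assumed subnet,
# must match the DHCP range), then the policy. Traffic matches only
# when both the source address and the user group match.
config firewall address
    edit "example-wifi-net"
        set subnet 10.10.110.0 255.255.255.0
        set associated-interface "example-wifi"
    next
end
config firewall policy
    edit 0
        set name "wifi-to-internet"
        set srcintf "example-wifi"
        set dstintf "wan1"
        set srcaddr "example-wifi-net"
        set dstaddr "all"
        set groups "employees"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

After a client logs in through the portal, `diagnose firewall auth list` on the FortiGate shows the authenticated user and group.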

The post Captive portal WiFi access control appeared first on Fortinet Cookbook.

