FortiGate Captive Portal Configuration and Setup Guide

Author

Reads 870

Sleek white wireless router with four antennas emitting soft blue and pink light.
Credit: pexels.com, Sleek white wireless router with four antennas emitting soft blue and pink light.

To set up a FortiGate Captive Portal, you'll first need to create a new policy. This is done by navigating to the Policy & Objects section and clicking on the "New" button.

The policy type should be set to "Web Filter" and the policy name should be something descriptive, like "Captive Portal Policy".

In the policy settings, make sure to enable the "Web Filter" feature and select the appropriate profile.

A captive portal can be configured to authenticate users using a variety of methods, including HTTP, HTTPS, and even RADIUS.

Expand your knowledge: Web Portals Development

Configuring a Captive Portal

To configure a wired Captive Portal, you need to edit the interface configuration in System > Network > Interfaces and set Security Mode to Captive Portal. This is a crucial step that enables the Captive Portal feature.

The Captive Portal settings will also be available by editing the WiFi network interface in System > Network > Interfaces. You can configure a WiFi captive portal at the time that you create the SSID or edit the existing SSID.

Expand your knowledge: Configure Ips Fortigate

Credit: youtube.com, FortiGate Captive Portal Configuration

To configure a WiFi captive portal, go to WiFi Controller > WiFi Network > SSID and create or edit your SSID. Select Captive Portal as the Security Mode and choose the portal type, which can provide authentication and/or disclaimer, or perform user email address collection.

You can exempt certain devices from the captive portal by creating an exemption list. For example, a printer might need to access the Internet for firmware upgrades, so you can exempt all printers from authentication.

Here are the key steps to configure a WiFi captive portal:

  • Go to WiFi Controller > WiFi Network > SSID and create or edit your SSID.
  • Select Captive Portal as the Security Mode.
  • Choose the portal type.
  • Select permitted user groups.
  • Customize portal messages.
  • Exempt devices from the captive portal.

Note that the Use Groups from Policies option is not available in WiFi captive portals.

Portal Configuration Tips

To configure a captive portal, you need to set the security mode to Captive Portal on the interface configuration in System > Network > Interfaces.

You can configure a WiFi captive portal at the time that you create the SSID, or afterwards by editing the WiFi network interface in System > Network > Interfaces.

Credit: youtube.com, Configure Captive Portal FortiGate FortiOS 7.0.16

When setting up a captive portal, you can select the authentication method as Local (portal hosted on the FortiGate unit) or Remote (enter FQDN or IP address of external portal).

To configure a wired Captive Portal, you need to select Captive Portal in Security Mode and choose the authentication method, user groups, and exempt lists.

For a WiFi captive portal, you can select the portal type, user groups, and customize portal messages.

A captive portal requires all users on the interface to authenticate, but you can create an exemption list of devices that are not able to authenticate, such as printers.

To exempt devices from authentication, you can use the CLI and create a security-exempt-list.

Here's a summary of the steps to configure a captive portal:

Remember to configure the captive portal settings correctly to ensure seamless authentication for your users.

Portal Setup

To set up a captive portal on your FortiGate, you'll need to configure it on the network interface. This can be done in the System > Network > Interfaces section of the web-based manager. Select the interface where users will connect and set the Security Mode to Captive Portal.

Curious to learn more? Check out: WiFiDog Captive Portal

Credit: youtube.com, How to Configure External Captive Portal On Fortinet Fortigate Firewall

For a wired captive portal, you can choose between Authentication Portal Local, which hosts the portal on the FortiGate unit, or Remote, which requires an external portal's FQDN or IP address. You can also select permitted user groups or use groups from policies, but this option is not available for WiFi captive portals.

Exempt lists can be created to exclude certain devices from the captive portal authentication process. For example, a printer might need to access the Internet for firmware upgrades. Using the CLI, you can create an exemption list to exempt all printers from authentication.

To configure a WiFi captive portal, you'll need to create a WiFi SSID and set the Security Mode to Captive Portal in the WiFi Network > SSID section. You can also customize portal messages by clicking the link of the portal page you want to modify.

In some cases, you might need to exclude traffic from the captive portal, such as when devices are sitting across a L3 boundary. This can be achieved by creating a policy with the source interface as 'captiveportal' and the destination as 'WAN1 and WAN2' with source being 'all' and the user group of the FSSO.

Claire Beier

Senior Writer

Claire Beier is a seasoned writer with a passion for creating informative and engaging content. With a keen eye for detail and a talent for simplifying complex concepts, Claire has established herself as a go-to expert in the field of web development. Her articles on HTML elements have been widely praised for their clarity and accessibility.

Love What You Read? Stay Updated!

Join our community for insights, tips, and more.