Technical Tip: Guest User Management account
Description
This article describes how to create a Guest Management account.
Scope
All FortiGates.
Solution
A temporary visitor to the premises needs a user account for the duration of the stay.
If there is a large event, such as a conference, there would be a need to create many temporary accounts for the attendees.
Usually, this kind of request is handled by the front-desk operator/receptionist.
For this, create an administrator account with 'Restrict admin to guest account provisioning only' enabled, and use it to provision temporary accounts for guest users.
The following example illustrates sending login details via SMS and Email.
Prerequisites:
SMS server:
config system sms-server
    edit "SMS-Server"
        set mail-server "IP/FQDN"
    next
end
Email service:
config system email-server
    set server "IP/FQDN"
end
Configuration required on the FortiGate:
For the user group, select the Guest type:

Toggle the options according to requirements.
For the administrator account, make sure to toggle 'Restrict admin to guest account provisioning only'.

For the policy, select the appropriate inbound interface and reference the group 'GUEST-WIFI' with a specific source IP pool allocated.

Instead of specifying the group on the policy, another option is to enable Captive Portal on the inbound interface and select the 'GUEST-WIFI' group under the Restricted to Groups option.
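
The group, provisioning administrator and policy described above, expressed in the FortiOS CLI. This is an added example, not part of the original article. The administrator name 'frontdesk', the interface names, the 'guest-pool' address object, the trusted-host subnet, the expiry value and the password placeholder are assumptions; replace them with local values.

```text
# Guest-type group: login details go out by email and through the custom SMS server
config user group
    edit "GUEST-WIFI"
        set group-type guest
        set user-id email
        set password auto-generate
        set email enable
        set mobile-phone enable
        set sms-server custom
        set sms-custom-server "SMS-Server"
        # Assumed lifetime: 8 hours, counted from account creation
        set expire-type immediately
        set expire 28800
    next
end

# Front-desk account: restricted to guest account provisioning for this group only
config system admin
    edit "frontdesk"
        set guest-auth enable
        set guest-usergroups "GUEST-WIFI"
        # Assumed front-desk subnet; limits where this account can log in from
        set trusthost1 192.0.2.0 255.255.255.0
        set password <strong-password-placeholder>
    next
end

# Policy: only members of GUEST-WIFI, from the guest address range, reach the internet
config firewall policy
    edit 0
        set name "guest-internet"
        set srcintf "guest-wifi"
        set dstintf "wan1"
        set srcaddr "guest-pool"
        set dstaddr "all"
        set groups "GUEST-WIFI"
        set action accept
        set schedule "always"
        # Narrow the service list if guests only need web access
        set service "ALL"
        set nat enable
    next
end
```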

Now, log in to the provisioning account and create a temporary account for the visitor.

Creating a visitor account.

Sending the login details via SMS.

If SMS fails, the details can be given as a printout:

On the visitor's end, a login page is presented when attempting to access the internet.

After successful authentication, the guest user details will be available under the User & Devices dashboard.

To check the time remaining before this visitor account expires:

To expire guest users before timeout, de-authenticate the test user under the 'Firewall User Monitor' widget.
