rmeyer-epik
New Member
November 27, 2023
Solved

Captive Portal and Security


I have been asked to explore captive portal as an option for guest wireless. I see in the docs it's OPEN (i.e. no encryption) for the initial connection. Does it ever flip to an encrypted channel post-validation?

Best answer by rmeyer-epik

Ended up doing a software switch interface with captive portal, then did OWE... works well, the only downfall is the max 24 hr time.

4 replies

mauromarme
Staff
November 27, 2023

Hello @rmeyer-epik 
Just to get more information about it.
Are you trying to configure Captive Portal hosted by the FortiGate or are you trying to use another option such as FortiAuthenticator or any other External Captive Portal provided by any AP on your network?

Thanks!

rmeyer-epik
New Member
November 28, 2023

We are exploring a guest Wi-Fi where they put some basic info into a portal and are allowed through... The built-in captive portal doesn't look like it will fit what mgmt is looking for, but the question is more geared to: "once authenticated via the portal", is the connection secure/encrypted?

ebilcari
Staff
November 28, 2023

Using only captive portal will not offer any encryption for the user's traffic. If the portal page is using HTTPS, at least the login credentials are encrypted, but the traffic later on is moved unencrypted over the air.

FGT also offers a mixed setup with PSK encryption and Portal authentication.

[Image: psk+portal.PNG]

The guest account needs to know the PSK in advance and their traffic will be encrypted using this key.

There is also the new "open" SSID in WPA3 OWE that offers encryption for every node without using a PSK, which is secure and convenient for guest/portal users.

Emirjon
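
An added example, not part of any post in this thread and not Fortinet code: a way to verify which of the three setups described above a guest SSID actually advertises, by reading the RSN element (ID 48) from a captured beacon's tagged elements. The SSID name `guest`, the helper `rsn()` and the sample beacons are constructed for illustration; the portal itself is not visible in a beacon, so the sample labels only name the setup each beacon would belong to.

```python
import struct

OUI = b"\x00\x0f\xac"                                 # IEEE 802.11 suite OUI
AKM = {1: "802.1X", 2: "PSK", 8: "SAE", 18: "OWE"}    # AKM suite types

def parse_rsn(body: bytes) -> dict:
    """Decode the AKM list and the PMF-required bit of one RSN element body."""
    try:
        off = 6                                       # skip version (2) + group cipher (4)
        (n_pair,) = struct.unpack_from("<H", body, off)
        off += 2 + 4 * n_pair                         # skip pairwise cipher list
        (n_akm,) = struct.unpack_from("<H", body, off)
        off += 2
        akms = []
        for _ in range(n_akm):
            oui, kind = struct.unpack_from("<3sB", body, off)
            akms.append(AKM.get(kind, f"type {kind}") if oui == OUI else "vendor")
            off += 4
    except struct.error as exc:
        raise ValueError("truncated RSN element") from exc
    # RSN capabilities are optional; bit 6 is "management frame protection required"
    caps = struct.unpack_from("<H", body, off)[0] if len(body) >= off + 2 else 0
    return {"akms": akms, "pmf_required": bool(caps & 0x40)}

def classify(ies: bytes) -> dict:
    """Walk a beacon's tagged elements; no RSN element means an open SSID."""
    pos = 0
    while pos + 2 <= len(ies):
        eid, elen = ies[pos], ies[pos + 1]
        body = ies[pos + 2 : pos + 2 + elen]
        if len(body) != elen:
            raise ValueError("truncated element")
        if eid == 48:                                 # RSN element ID
            return {"encrypted": True, **parse_rsn(body)}
        pos += 2 + elen
    return {"encrypted": False, "akms": [], "pmf_required": False}

def rsn(akm_type: int, caps: int) -> bytes:
    """Build a constructed RSN element: CCMP ciphers, one AKM suite."""
    body = (struct.pack("<H", 1) + OUI + b"\x04" + struct.pack("<H", 1) + OUI + b"\x04"
            + struct.pack("<H", 1) + OUI + bytes([akm_type]) + struct.pack("<H", caps))
    return bytes([48, len(body)]) + body

SSID = b"\x00\x05guest"                               # constructed SSID element
SAMPLES = {"open+portal": SSID, "psk+portal": SSID + rsn(2, 0), "owe": SSID + rsn(18, 0xC0)}

if __name__ == "__main__":
    for name, ies in SAMPLES.items():
        print(name, classify(ies))
```
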
Sheikh
Staff
November 28, 2023

Hello @rmeyer-epik ,


There are other options as well e.g. FortiNAC, which can host portals for guest users.
https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/876616/guests-contractors

regards,

 

Sheikh

rmeyer-epik
New Member
December 14, 2023

Ended up doing a software switch interface with captive portal, then did OWE... works well, the only downfall is the max 24 hr time.