Eric_Kom
New Member
September 14, 2020
Question

Captive Portal authentication issue

Hi all,

We have a FortiGate 60F with a captive portal configured on one of the ports; we use UniFi as APs. See below my firewall settings for the captive portal:

config user setting
    set auth-timeout 1440
    set auth-timeout-type hard-timeout
    set auth-lockout-duration 0
    set auth-invalid-max 100
end

config user group
    edit "guest.Wifi"
        set group-type guest
        set authtimeout 0
        set auth-concurrent-override enable
        set http-digest-realm ''
end

The client does not want to re-authenticate after authentication was successful.

Let's say the guest account is set to expire in 120 days; our client is looking for a solution where, after successful authentication, the authenticated guest should remain active.

We tried all the settings but could not achieve that goal.

The max session timeout is set to 24 hrs, but that does not hold true all the time; for some reason the guest has to authenticate many times within 24 hrs and sometimes stays connected for 24 hrs.

We do not want to set the exempt source for some devices.

Please help.

    xsilver_FTNT
    Staff
    September 14, 2020

    Hi,

    are you 100% sure you want to have a 120-day authenticated session?

    To be honest, that sounds to me like security madness.

    Have you heard about session hijacks and other possible misuse scenarios for active sessions?


    If you want to pass someone/something through basically unauthenticated, which is how 120 days sounds to me, then how about per-MAC or per-IP based exceptions?

    Thinking of per-MAC IP assignment via something like DHCP, or a static map. Not trying to even think about DHCP or MAC address spoofing... or other ways, just to keep sanity.


    Eric_Kom (Author)
    New Member
    September 14, 2020

    I know it is security madness.

    The client is driving me mad. We have explained to them that the FortiGate is a security device and therefore this cannot be implemented.

    Kind regards