Skip to main content
lalu
lalu
New Member
February 16, 2025
Question

Captive portal based on interface or policy - collect email

  • February 16, 2025
  • 2 replies
  • 1276 views

Hi all,

I have a situation where there is a Wi-Fi network with 45-50 non-Fortinet APs, meaning the APs can't communicate with the Fortigate Wi-Fi Controller.
On these APs, two SSIDs (with their respective VLANs) are defined: one for GUEST users and one for PREMIUM customers.

 

What we want to achieve

  • Replace the current gateway with something more robust, considering a Fortigate 121G.
  • Enable a captive portal for the GUEST network that requires users to enter their email (email collection).
  • Enable a captive portal for the PREMIUM network that requires authentication via username/password (using local users, FortiAuthenticator, or a RADIUS server)

Questions:

  • From the manuals, I saw that the type of captive portal must be defined in the SSID settings under "WiFi & Switch Controller."
    I read that it's possible to choose between Authentication, Email Collection, and other options.
    The issue is that we do not have Fortinet APs, so we cannot configure the SSIDs in this section.
    Is there a way to set the type of captive portal at the network/VLAN level?
    The idea is that if outbound traffic comes from the GUEST network, users will be asked to enter their email, whereas if the traffic is from the PREMIUM network, they will be prompted to enter a username and password.

  • Is it possible to use two types of captive portals (Authentication and Email Collection) simultaneously, one for each network?

Thank you and best regards,
Luca

2 replies

Anthony_E
Staff
Anthony_E
Staff
February 19, 2025

Hello Luca,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards
Anthony_E
Staff
Anthony_E
Staff
February 20, 2025

Hi Luca,

 

To set up a captive portal to collect email addresses based on interface or policy:

 

  • Based on Interface:

Access the FortiGate GUI by navigating to WiFi & Switch Controller -> SSID and edit the SSID, select 'Captive Portal' as the Security Mode, choose 'Email Collection' as the Portal Type, customize the portal messages if needed and save the settings

 

  • Based on Policy:

Create a security policy that allows traffic from the WiFi SSID to the Internet interface for users providing a valid email address, and configure the policy to grant network access only to members of the 'Collected Emails' device group.

Ensure this policy is listed first to prioritize email collection and save the policy settings.

By setting up the captive portal and security policy accordingly, setting up a captive portal for email collection on a FortiGate device, it is possible t configure it based on either interface or policy.

 

For interface-based setup: 

  1. Access the FortiGate GUI.
  2. Navigate to WiFi & Switch Controller.
  3. Edit the SSID.
  4. Select 'Captive Portal' as the Security Mode.
  5. Choose 'Email Collection' as the Portal Type.

 

For policy-based setup:

  1. Create a security policy allowing traffic from the WiFi SSID to the Internet for users with valid email addresses.
  2. Prioritize this policy to ensure it is enforced.
  3. This configuration enables email collection for guest access.

 

Hope it will help.

 

Regards,

Best Regards
lalu
laluAuthor
New Member
February 28, 2025

Hello @Anthony_E,

I tried what you wrote, but:

I can't use the first option, the one related to the SSID interface, because, as I mentioned earlier, I don't have Fortinet Wi-Fi.

I tried configuring based on the policies, but I can't select Collect Emails.
Specifically, what needs to be done in point 1: "Create a security policy allowing traffic from the WiFi SSID to the Internet for users with valid email addresses"?

Thanks!

Best regards

Luca

Terms & ConditionsAccessibility statement