Skip to main content
memm
memm
New Member
February 19, 2023
Question

Fortigate/Forti AP hotspot sw

  • February 19, 2023
  • 3 replies
  • 3424 views

I have a new  customer with multiple small networks of FortiGate 60F  + FortiAP  (5 to 10 in each network).

He wants to limit wifi users either by time connected, hours/days/weeks, and/or traffic consumed.

Traffic must include all apps/protocols not get html traffic.

 

Is there a Fortinet product that can do this?

If not, is their a 3rd party product thats will do the job?

Of course as always cheaper is better.

 

Thanks.

 

 

3 replies

Anthony_E
Staff
Anthony_E
Staff
February 22, 2023

Hello memm,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards
ebilcari
Staff
ebilcari
Staff
February 22, 2023

For that you will need an external RADIUS server that will do Accounting. This functions are covered by FortiAuthenticator you can read more about this feature here: https://docs.fortinet.com/document/fortiauthenticator/6.4.6/administration-guide/738461/usage-profile

Emirjon
memm
memmAuthor
New Member
February 24, 2023

We got a demo account for FortiAuthenticator to try out, seems to work quite well but we seem to have got stuck on the following:

 

When an account hits it's data usage limit during the defined 24 hour period how can it automatically reset when the 24 hours pass?

We basically want the data usage limit on the accounts to automatically reset each day.

 

Thank you.

 

ebilcari
Staff
ebilcari
Staff
February 27, 2023

I suppose that should be the behavior, reset after 24 hours. I haven't test it my self

Emirjon
memm
memmAuthor
New Member
February 22, 2023

Thank you both for your replies.

 

We did briefly consider FortiAuthenticator.

How does the Fortigate communicate user time and data consumption info to FortiAuthenticator?

 

Thanks again.

Memnon.

ebilcari
Staff
ebilcari
Staff
March 9, 2023

The communication is done using RADIUS accounting messages. FGT need to be configured via CLI to send this messages to FAC, like:

config user radius
 edit "FAC"
   set server "fac.eb.eu"
   set secret ENC *****
   set nas-ip 10.0.10.1
   set acct-interim-interval 600
   set auth-type ms_chap_v2
   config accounting-server
      edit 1
      set status enable
      set server "fac.eb.eu"
      set secret ENC ****

 

Emirjon
Terms & ConditionsAccessibility statement