This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.
Age-group based web/content filter – Guests
I have an interesting client requirement where we have to capture the guest’s age along with username/password in captive portal and serve the webcontent based on their age.
I have got both Cisco ISE and ClearPass guest servers. I have got Cisco WLCs in the setup.
I have got both Fortigate(webfilter) and Cisco ASA. How to implement this solution to serve content based on guest’s age?
I can only category based filter in fortigate.
Thanks,
Solved! Go to Solution.
If you can have your RADIUS server return the age in the Fortinet-Group-Name attribute, that would make things very simple.
Once that's done just create user groups on the Fortigate that match on your radius server + group name and apply those groups to policy.
I.e., User age is 19, RADIUS server returns Fortinet-Group-Name attribute "Age19". On the Fortigate, create a group called "UserAge19", match remote users on RADIUS Server with group name "Age19". Then create firewall policies that use the correct source IP range (or "any") and the "UserAge19" group.
There are ways to make user groups look at other RADIUS attributes in CI instead of just Fortinet-Group-Name (I think it's the "class" setting under "config user radius \ edit
Hi Rajesh,
this age information - is it stored somewhere on the webpages?
In other words, where should it come from?
Age information is stored in the radius servers. I can return them as user catagory.
If you can have your RADIUS server return the age in the Fortinet-Group-Name attribute, that would make things very simple.
Once that's done just create user groups on the Fortigate that match on your radius server + group name and apply those groups to policy.
I.e., User age is 19, RADIUS server returns Fortinet-Group-Name attribute "Age19". On the Fortigate, create a group called "UserAge19", match remote users on RADIUS Server with group name "Age19". Then create firewall policies that use the correct source IP range (or "any") and the "UserAge19" group.
There are ways to make user groups look at other RADIUS attributes in CI instead of just Fortinet-Group-Name (I think it's the "class" setting under "config user radius \ edit
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.