Cybersecurity Forum


PhilLeme
New Contributor

Captive portal and intra-ssid traffic

Good day people,

Is there a way to block intra-ssid traffic when using a captive portal? At the moment, the only way to block intra-ssid traffic is to use a WPA/WPA2 security mode.

On a side note, why is it not possible to block intra-ssid traffic when using a captive portal?

mnantel_FTNT
Staff

Hi Philippe,

I'm not clear on why this wouldn't work on your end. It does behave fine on my unit here (albeit granted, I am currently running 5.4 pre-release code). Are you able to change it in the CLI but not in the GUI?

config wireless-controller vap
    edit "SANSFILGRATUIT"
        set vdom "root"
        set ssid "SANSFILGRATUIT"
        set security captive-portal
        set portal-type disclaimer
        set intra-vap-privacy enable
        set local-switching disable
    next
end
 

--

Mathieu Nantel - NSE4, CCIE 24349

Principal System Engineer / Consultant Technique Senior, Office of the CTO

-- Mathieu Nantel Systems Engineer / Conseiller Technique - Fortinet Montreal, QC

PhilLeme

Hi Mathieu, thank you for responding.

The current configuration I have is:

config wireless-controller vap
    edit "ESICaptiveTest"
        set vdom "root"
        set ssid "esi_captive_portal_test"
        set security captive-portal
        set portal-message-override-group "captive-portal-ESICaptiveTest"
        set selected-usergroups "CaptivePortalTest"
        set intra-vap-privacy enable
        set local-switching disable
    next
end

When I select the Captive portal security mode, the option to block intra-ssid traffic disappears from the web interface.

Even with the current configuration which states "intra-vap-privacy enable", devices connected to that SSID can still see each other.

I'm running on FortiOS 5.0.
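
Added example, not part of the thread and not Fortinet code: a small Python audit that parses `config wireless-controller vap` blocks in the format posted above and lists captive-portal SSIDs where `intra-vap-privacy` is not set to `enable`. The function names and the sample configuration are constructed for illustration, and a missing `intra-vap-privacy` line is assumed to mean the option is not enabled.

```python
import shlex

# Constructed sample in the format shown in the thread (not a real device export).
SAMPLE_CONFIG = '''
config wireless-controller vap
    edit "ESICaptiveTest"
        set vdom "root"
        set ssid "esi_captive_portal_test"
        set security captive-portal
        set intra-vap-privacy enable
        set local-switching disable
    next
    edit "GuestNoIsolation"
        set ssid "guest_open"
        set security captive-portal
    next
end
config system global
    set hostname "lab"
end
'''

def parse_vaps(text):
    """Return {vap_name: {setting: value}} from the wireless-controller vap table."""
    vaps, depth, in_vap, current = {}, 0, False, None
    for raw in text.splitlines():
        tokens = shlex.split(raw)          # handles the quoted names and values
        if not tokens:
            continue
        if tokens[0] == "config":
            depth += 1
            if depth == 1:                 # only top-level tables are matched
                in_vap = tokens[1:] == ["wireless-controller", "vap"]
        elif tokens[0] == "end":
            depth -= 1
            if depth == 0:
                in_vap = False
        elif in_vap and depth == 1:        # skip nested sub-tables inside an entry
            if tokens[0] == "edit":
                current = vaps.setdefault(tokens[1], {})
            elif tokens[0] == "next":
                current = None
            elif tokens[0] == "set" and current is not None and len(tokens) >= 3:
                current[tokens[1]] = " ".join(tokens[2:])
    return vaps

def captive_portal_without_isolation(vaps):
    """Names of captive-portal VAPs whose intra-vap-privacy is not 'enable'."""
    # Assumption: an absent intra-vap-privacy line is treated as not enabled.
    return sorted(name for name, cfg in vaps.items()
                  if cfg.get("security") == "captive-portal"
                  and cfg.get("intra-vap-privacy") != "enable")
```

This reports the configured state only. The last post describes clients on FortiOS 5.0 still seeing each other with the setting enabled, so a client-to-client test on the SSID is still needed to confirm isolation.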