FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
HarshChavda
Staff
Staff
Article Id 333639
Description

This article describes how to enable a disclaimer page for users connecting to a specific SSID on a FortiGate.

Scope FortiGate.
Solution

A disclaimer page is a custom message or policy acknowledgment page that users must accept before gaining access to the network.

This is often used for legal or policy compliance purposes. In older versions of FortiGate, It was enabled from the Firewall policy as referred to in the below KB article: Technical Tip: Configuring a disclaimer page on a FortiGate firewall policy

 

After v7.2 or above, go to Wi-Fi & Switch Controller -> SSIDs, and under the security mode setting,  select Captive Portal or WPA2 Personal with Captive Portal from the dropdown menu as shown in the image below.

 

Picture1.png

 

After selecting the above-mentioned option,  another dropdown menu is available to select Disclaimer or Disclaimer + Authentication, as shown in the image below.

 

Picture2.jpg

 

Note:

The disclaimer option is not supported in the bridge SSID. SSID has to be in Tunnel mode to configure the Disclaimer.

 

To configure the disclaimer page with captive portal SSID on CLI:

 

config wireless-controller vap

    edit “Test-Wifi”

        set security  { captive-portal  | wpa-personal+captive-portal | wpa2-only-personal+captive-portal}

        set portal-type  { disclaimer | auth+disclaimer}

    next

end

 

After enabling a disclaimer page on an SSID using FortiGate, users connecting to the SSID will now be required to read and accept the disclaimer before accessing the network.

 

Related articles:

Technical Tip: Captive Portal Disclaimer does not display

Troubleshooting Tip: Captive portal Disclaimer is showing up twice on network SSID