Description
This article describes how to create a Guest Management account.
Scope
All FortiGates.
Solution
A temporary visitor to the premises will need a user account in the premise during their stay.
If there is a large event, such as a conference, there would be a need to create many temporary accounts for the attendees.
Usually, this kind of request is handled by the front-desk operator/receptionist.
For this, create a 'Restrict admin to guest account provisioning only' account to provision temporary accounts for the guest user.
The following example illustrates sending login details via SMS and Email.
Prerequisite.
SMS-Server.
config system sms-server
edit "SMS-Server"
set mail-server "IP/FQDN"
next
end
Email Service.
config system email-server
set server "IP/FQDN"
end
Config- required in FortiGate related to this article.
For group, select the Guest type:
Toggle the options according to requirements.
For admin-accounts, make sure to toggle 'Restrict admin to guest account provisioning only'.
For policy, select the appropriate inbound interface and call the group 'GUEST-WIFI' with a specific source IP pool allocated.
Now, log in to the provisioning account and create a temp account for the visitor.
Creating a visitor account.
Sending the Login details via SMS.
If SMS fails, the details can be given as a printout:
Verify the visitor's internet access.
As seen above, the user was successfully authenticated.
To check the expired duration left for this visitor account:
In order to expire guest users before timeout, de-authenticate the test user under the 'Firewall User Monitor' widget.
Related document:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.