Patterson
Staff
Article Id 207401

Description

 

This article describes how to create a Guest Management account.

 

Scope

 

All FortiGates.

 

Solution

 

A temporary visitor will need a user account for the duration of their stay on the premises.

For a large event, such as a conference, many temporary accounts will need to be created for the attendees.

 

Usually, this kind of request is handled by the front-desk operator or receptionist.

For this, create an administrator account with 'Restrict admin to guest account provisioning only' enabled, so that it can only provision temporary accounts for guest users.

 

The following example illustrates sending login details via SMS and email.

 

Prerequisites.

 

SMS-Server.

 

config system sms-server
    edit "SMS-Server"
        set mail-server "IP/FQDN"
    next
end

 

Email Service.

 

config system email-server
    set server "IP/FQDN"
end

 

Configuration required on the FortiGate for this article.

 

For the user group, select the Guest type:

 

Patterson_0-1648016384465.png

 

Toggle the options according to requirements.

 

For the administrator account, make sure to toggle 'Restrict admin to guest account provisioning only'.

 

Patterson_1-1648016791323.png

 

For the firewall policy, select the appropriate inbound interface and reference the group 'GUEST-WIFI', with a specific source IP pool allocated.

 

Patterson_3-1648016949036.png
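
A CLI sketch of the three GUI steps above (guest group, restricted administrator, policy), added here as an example and not taken from the original article. The group name 'GUEST-WIFI' and the SMS server name "SMS-Server" come from the article; the admin name, policy name, expiry value, service list and every value in angle brackets are assumptions to replace, and the source address object is one reading of the article's 'source IP pool'. Option names should be checked against the CLI reference for the firmware in use.

```fortios
# Lines starting with '#' are annotations for the reader.

# 1. Guest-type user group: accounts are created by the provisioning admin
#    and expire automatically (expiry value here is constructed).
config user group
    edit "GUEST-WIFI"
        set group-type guest
        set user-id email
        set password auto-generate
        set email enable
        set mobile-phone enable
        set sms-server custom
        set sms-custom-server "SMS-Server"
        set expire-type first-successful-login
        set expire 14400
    next
end

# 2. Front-desk administrator restricted to guest account provisioning,
#    and only for the GUEST-WIFI group (admin name is hypothetical).
config system admin
    edit "frontdesk"
        set guest-auth enable
        set guest-usergroups "GUEST-WIFI"
        set password <strong-unique-password>
    next
end

# 3. Policy that lets authenticated members of GUEST-WIFI out, limited to
#    the guest source range and to web/DNS services rather than ALL.
config firewall policy
    edit 0
        set name "guest-internet"
        set srcintf "<guest-interface>"
        set dstintf "<wan-interface>"
        set srcaddr "<guest-address-object>"
        set dstaddr "all"
        set groups "GUEST-WIFI"
        set action accept
        set schedule "always"
        set service "DNS" "HTTP" "HTTPS"
        set nat enable
    next
end
```

Keeping 'guest-usergroups' scoped to the single guest group means the front-desk account cannot create or modify users in any other group.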

 

Now, log in with the provisioning account and create a temporary account for the visitor.

 

Patterson_4-1648017209561.png

 

Creating a visitor account.

 

Patterson_5-1648017300283.png

 

Sending the login details via SMS.

 

Patterson_6-1648017348966.png

If SMS fails, the details can be given as a printout:

 

Patterson_7-1648017446829.png

 

Verify the visitor's internet access.

 

Patterson_8-1648018621760.png

 

As seen above, the user was successfully authenticated.

 

Patterson_9-1648019038319.png

 

To check the time remaining before this visitor account expires:

 

Patterson_0-1648021123755.png

 

To expire a guest user before the timeout, de-authenticate the user (the test user in this example) under the 'Firewall User Monitor' widget.

 

Related document: 

Configuring guest access - FortiGate cookbook.