Created on 02-17-2020 12:15 AM Edited on 08-01-2024 02:13 PM By Jean-Philippe_P
Description
Solution
Note:
By default this option is hidden and needs to be enabled under System -> Feature Visibility -> Additional Features.
To create an email collection portal using the CLI:
This example modifies the freewifi WiFi interface to present an email collection captive portal.
config wireless-controller vap
edit freewifi
set security captive-portal
set portal-type email-collect
end
Note: The email-collect option is not supported in bridge SSID.
Create a security policy.
Configure a security policy that allows traffic to flow from the Wi-Fi SSID to the Internet interface but only for members of the Collected Emails device group. This policy must be listed first. Unknown devices are not members of the Collected Emails device group, so they do not match the policy.
To create a security policy using the GUI:
Incoming Interface: freewifi
Source Address: all
Source Device Type: Collected Emails
Outgoing Interface: wan1
Destination Address: all
Service: ALL
Action: ACCEPT
NAT: On
To create a security policy using the CLI, run the following:
config firewall policy
edit 3
set srcintf "freewifi"
set dstintf "wan1"
set srcaddr "all"
set action accept
set devices collected-emails
set nat enable
set schedule "always"
set service "ALL"
next
end
Note: 'set devices' is no longer available as of 6.2.x. Instead, use the following in the CLI:
config firewall policy
edit <policy_id>
set email-collect enable
next
end
Note: If the captive portal page cannot be reached, the request coming from the client might be an HTTP request. In that case, enable HTTP redirect under User & Authentication -> Authentication Settings.
Check for harvested emails.
To check for harvested emails using the GUI, go to User & Device -> Device Inventory.
To check for harvested emails using the CLI, run the following:
diagnose user device list hosts
vd 0 d8:d1:cb:ab:61:0f gen 35 req 30 redir 1 last 43634s 7-11_2-int
ip 10.0.2.101 ip6 fe80::dad1:cbff:feab:610f
type 2 'iPhone' src http c 1 gen 29
os 'iPhone' version 'iOS 6.0.1' src http id 358 c 1
email 'yo@yourdomain.com'
vd 0 74:e1:b6:dd:69:f9 gen 36 req 20 redir 0 last 39369s 7-11_2-int
ip 10.0.2.100 ip6 fe80::76e1:b6ff:fedd:69f9
type 1 'iPad' src http c 1 gen 5
os 'iPad' version 'iOS 6.0' src http id 293 c 1
host 'Joes’s-iPad' src dhcp
email 'you@fortinet.com'
For FortiOS 6.4.7 and above, use the following command:
diagnose firewall auth mac list
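The 'diagnose user device list hosts' output shown above can be parsed into a MAC-to-email inventory, for example when auditing or purging collected addresses. This Python sketch is an added example, not part of the original article or any Fortinet tooling; the record layout is inferred from the sample output above, and the function names are hypothetical.

```python
import re

# Sample copied from the command output shown in this article.
SAMPLE = """\
vd 0 d8:d1:cb:ab:61:0f gen 35 req 30 redir 1 last 43634s 7-11_2-int
ip 10.0.2.101 ip6 fe80::dad1:cbff:feab:610f
type 2 'iPhone' src http c 1 gen 29
os 'iPhone' version 'iOS 6.0.1' src http id 358 c 1
email 'yo@yourdomain.com'
vd 0 74:e1:b6:dd:69:f9 gen 36 req 20 redir 0 last 39369s 7-11_2-int
ip 10.0.2.100 ip6 fe80::76e1:b6ff:fedd:69f9
type 1 'iPad' src http c 1 gen 5
os 'iPad' version 'iOS 6.0' src http id 293 c 1
host 'Joes’s-iPad' src dhcp
email 'you@fortinet.com'
"""

# Assumption: every record starts with "vd <vdom> <mac>", as in the sample.
HEADER = re.compile(r"^vd\s+(\d+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)
# First quoted value on a line; the lookahead lets a name that itself
# contains a straight apostrophe run on to its real closing quote.
QUOTED = re.compile(r"^(type|os|host|email)\s+(?:\d+\s+)?'(.*?)'(?=\s|$)")

def parse_device_list(text):
    """Return one dict per device record; fields missing from a record are None."""
    devices, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"vdom": int(m.group(1)), "mac": m.group(2).lower(),
                   "ip": None, "type": None, "os": None, "host": None, "email": None}
            devices.append(cur)
        elif cur is None:
            continue  # prompt or banner lines before the first record
        elif line.startswith("ip "):
            cur["ip"] = line.split()[1]
        else:
            q = QUOTED.match(line)
            if q:
                cur[q.group(1)] = q.group(2)
    return devices

def collected_emails(text):
    """Map MAC -> email for devices that have a collected email."""
    return {d["mac"]: d["email"] for d in parse_device_list(text) if d["email"]}
```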