FortiGate
rain
Staff
Article Id 396872
Description This article describes how to set up an SVI (Layer 3 VLAN interface) that lives over FortiLink, with a captive portal managed by the FortiGate.
Scope FortiGate, FortiSwitch.
Solution

To set up a captive portal managed by the FortiGate and use it as an alternative to 802.1x authentication, follow these steps:

  • Create a VLAN interface over the FortiLink aggregation.
  • Assign an IP address to work as the gateway, and also assign the VLAN that will serve as the L2 identifier of the broadcast domain.

 

CAPTIVE_01.png

 

  • To enable the captive portal, enable the 'Security mode' function in the 'Network' section.

  • Configure the portal as 'Local' or 'External' based on need. To filter access by user, select 'Restricted to Groups' under the 'User access' option. Redirection after successful captive portal access is optional; it sends the user to an external URL once authentication succeeds.

 

CAPTIVE_02.png

 

After this setup, when a user tries to reach a resource through the SVI (the VLAN interface), the user is redirected to the captive portal before traffic is forwarded to the destination.

 

Note:

Do not forget to create the corresponding firewall policy to allow access from the source VLAN to a destination (in this example, the internet; for the FortiGate, the WAN interface is the upstream interface).
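A CLI sketch of the same setup, added here as an example and not taken from the original article: the interface name `vlan_captive`, VLAN ID 50, the address 10.10.50.1/24, the user group `captive-users`, the FortiLink interface name `fortilink` and the upstream interface `wan1` are all assumed values. Lines starting with `#` are annotations.

```text
# SVI over the FortiLink aggregation, acting as gateway for the VLAN
config system interface
    edit "vlan_captive"
        set vdom "root"
        set interface "fortilink"
        set vlanid 50
        set ip 10.10.50.1 255.255.255.0
        set allowaccess ping
        # 'Security mode' in the GUI: users must authenticate at the portal
        set security-mode captive-portal
        # 'Restricted to Groups': only members of this group may pass
        set security-groups "captive-users"
    next
end

# Policy from the source VLAN to the upstream (WAN) interface
config firewall policy
    edit 0
        set name "captive-vlan-to-internet"
        set srcintf "vlan_captive"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Without the `security-groups` line, access is not restricted to a group, so any account that can authenticate at the portal is let through; leave out administrative protocols from `allowaccess` on a user-facing VLAN unless they are needed.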
