To set up a captive portal being managed by the FortiGate and use it as an alternative to 802.1x authentication, follow the next:

• Create an SSID interface in the Wireless Controller section.
• Assign an IP address to work as a gateway for the SSID.

• To enable the captive portal function will be necessary to enable over 'Security Mode Settings' the 'Captive portal' option as enable. Configure the portal to be 'local' or 'External' based on need, to filter the access by 'users' is needed it to select the function 'Restricted to Groups', the 'User access' option.

The redirection after captive portal successful access is optional, but it works to push the successful authentication access to an external URL.

After this setup, at the moment a user tries to use a resource that comes across the SSID interface will be redirected to a captive portal before being forwarded to the destination.

Note:

Do not forget to create the respective policy to allow access to the source SSID to a destination (In this example, the internet. For the fortiGate, the interface WAN acts as an upstream Interface).