- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiAP
- FortiClient
- FortiADC
- FortiAnalyzer
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiExtender
- FortiEDR
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiProxy
- FortiPortal
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- RE: Authentication for WiFi clients thru Captive ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Authentication for WiFi clients thru Captive Portal
Hi,
I' m using FGT-600C with firmware v5.2.0,build0589.
I have configured a guest group for Captive Portal with default authentication timeout settings. Everything is working fine.
What I want to achieve:
The client should re-authenticate whenever he/she re-connects to WiFi regardless of authentication timeout values.
For example, auth-timeout-type is set to " hard-timeout" and auth-timeout is set to 8 hours. If a client connects and authenticates and disconnects from WiFi after 10 minutes of usage. Later he comes back again after 30 minutes and connects back. He does not need to re-authenticate. I want to change this behaviour to make him authenticate every time he connects.
Is it possible to achieve.
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you sure you want this?
Tablets and phones often disconnect quickly from wifi when their screens turn off either by a timer or by pressing the ' off' button. Your users will probably go crazy if asked to re-login via the captive portal every time their device wakes up.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it possible to achieve? How to configure?
First, I want to present the idea to my seniors along with its drawbacks. Then we' ll see all the possibilities.
Thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You cannot achieve this as like what you expected.
you can set an " authtimeout" to " 10 Minutes" or " 20 Minutes" , but every particular interval the user has to re login to the captive portal to get connect back.
edit " Guest Users Group"
set group-type guest
set authtimeout 0
set auth-concurrent-override disable
set http-digest-realm ' '
end
So, this is not recommended and you cannot implement this on a network where frequent guest user accounts needed.
And if your plan is to highly restrict them , then there are lot of other options available like to restrict the services / put webfiltering etc.
Nihas [\b]
Nihas [\b]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I actually have the opposite problem. I created a group and they need to re-authenticate each time their device goes to sleep. I want them to only authenticate once, and not have it last until their account expires. Generally I have contractors in the building for 6-8 hrs and need them to be online while they' re here.
I' m guessing the above commands are for the command line interface. I found the option for reauthenticate which is set to 5. However, I don' t see way to edit that per group. For instance, users on our student or faculty SSID, never have to reauthenticate. Seems the guest group is the only one.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can anyone assist me with this?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Stryker... Guests authenticate via Captive portal and others via saved psk or radius?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, guests using captive portal and staff using PSK.
Although we' re integrating AD soon so I' m hoping our staff will be able to just use their school username to login to the wifi starting in Sept.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Stryker.
By default the authentication timeout is set to 5 Minutes.
FGT# show full-configuration user setting
config user setting
set auth-type http https ftp telnet
set auth-cert " self-sign"
set auth-ca-cert ' '
set auth-secure-http disable
set auth-http-basic disable
set auth-multi-group enable
set auth-timeout 5
set auth-timeout-type idle-timeout
set radius-ses-timeout-act hard-timeout
set auth-blackout-time 0
set auth-invalid-max 5
set auth-lockout-threshold 3
set auth-lockout-duration 0
end
You can change the authentication timeout for a particular group by doing the below command.
FGT#config user group
FGT (group) # edit " Guest Users Group"
set group-type guest
set authtimeout 480 ( You can use 1-480 Minutes )
set auth-concurrent-override disable
set http-digest-realm ' '
end
Hope this helps!
Nihas [\b]
Nihas [\b]
Related Posts
Labels
-
fortigate
7,012 -
FortiClient
1,378 -
5.2
801 -
5.4
639 -
FortiManager
609 -
FortiAnalyzer
443 -
6.0
416 -
FortiAP
370 -
FortiSwitch
367 -
5.6
362 -
FortiClient EMS
285 -
FortiMail
273 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
171 -
6.4
128 -
FortiNAC
123 -
FortiGuard
112 -
IPsec
103 -
SSL-VPN
93 -
FortiGateCloud
92 -
FortiSIEM
92 -
FortiCloud Products
90 -
FortiToken
77 -
Customer Service
75 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
48 -
FortiADC
45 -
FortiEDR
43 -
SD-WAN
43 -
Fortivoice
43 -
FortiDNS
38 -
FortiExtender
36 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiAuthenticator
32 -
FortiSwitch v6.4
32 -
Firewall policy
31 -
VLAN
28 -
High Availability
28 -
FortiConnect
24 -
FortiWAN
23 -
FortiConverter
22 -
ZTNA
21 -
DNS
21 -
BGP
19 -
FortiGate v5.2
19 -
SAML
18 -
FortiPortal
18 -
Certificate
18 -
FortiSwitch v6.2
17 -
LDAP
17 -
VDOM
16 -
FortiMonitor
14 -
Authentication
14 -
FortiLink
14 -
Interface
14 -
FortiCASB
14 -
FortiDDoS
14 -
Logging
14 -
FortiGate v5.0
13 -
Fortigate Cloud
13 -
Routing
13 -
RADIUS
11 -
NAT
11 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
Application control
10 -
Web profile
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
RMA Information and Announcements
8 -
FortiBridge
8 -
WAN optimization
8 -
FortiGate v4.0 MR3
8 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
Static route
6 -
IPS signature
5 -
Packet capture
5 -
Proxy policy
5 -
FortiAI
5 -
Automation
5 -
FortiCache
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
Antivirus profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
OSPF
4 -
Web rating
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
Fortinet Engage Partner Program
3 -
FortiCWP
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
FortiDB
3 -
Intrusion prevention
3 -
Protocol option
2 -
FortiInsight
2 -
NAC policy
2 -
System settings
2 -
Users
2 -
VoIP profile
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
4.0MR1
1 -
TACACS
1 -
Subscription Renewal Policy
1 -
Replacement messages
1 -
FortiNDR
1 -
Schedule
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
DLP sensor
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1032 | |
| 853 | |
| 500 | |
| 440 | |
| 146 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.