- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Captive Portal and Security
I have been asked to explore captive portal as an option for guests wireless, I see in the docs its OPEN (ie no encryption) for the initial connection. Does it ever flip to an encrypted channel post validation?
Solved! Go to Solution.
- Labels:
-
FortiAP
-
Wireless Controller
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ended up doing a software switch interface with captive portal, then did OWE...works good, just downfall is max 24 hr time
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @rmeyer-epik
Just to get more information about it.
Are you trying to configure Captive Portal hosted by the FortiGate or are you trying to use another option such as FortiAuthenticator or any other External Captive Portal provided by any AP on your network?
Thanks!
Fortinet TAC Senior Engineer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
we are exploring a guest wifi where they put in some basic info to a portal and allow them through...the built in captive portal doesnt look like it will fit what mgmt is looking for, but the question is more gear to "once authenticated via the portal" is the connection secure/encrypted
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using only Captive portal will not offer any encryption for user's traffic. If the portal page is using https at least the login credentials are encrypted but the traffic later on is moved unencrypted over the air.
FGT also offers a mixed setup with PSK encryption and Portal authentication.
The guest account need to know the PSK in advance and their traffic will be encrypted using this key.
There is also the new "open" SSID in WPA3 OWE that offer encryption for every node without using a PSK which is secure and convenient for guest/portal users.
If you have found a solution, please like and accept it to make it easily accessible for others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @rmeyer-epik,
To allow guest users to put in some basic infos to a portal and allow them through, you need to use an external captive portal. I would suggest FortiAuthenticator. Please refer to https://docs.fortinet.com/document/fortiauthenticator/6.5.3/administration-guide/736069/portals
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @rmeyer-epik ,
There are other options as well e.g. FortiNAC, which can host portals for guest users.
https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/876616/guests-contractors
regards,
Sheikh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ended up doing a software switch interface with captive portal, then did OWE...works good, just downfall is max 24 hr time