Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rmeyer-epik
New Contributor II

Created on ‎11-27-2023 01:42 PM

Captive Portal and Security

I have been asked to explore captive portal as an option for guests wireless, I see in the docs its OPEN (ie no encryption) for the initial connection. Does it ever flip to an encrypted channel post validation?

Labels:
2138
0 Kudos
1 Solution
rmeyer-epik
New Contributor II

Created on ‎12-14-2023 12:50 PM

Ended up doing a software switch interface with captive portal, then did OWE...works good, just downfall is max 24 hr time

View solution in original post

1958
0 Kudos
6 REPLIES 6
mauromarme
Staff
Staff

Created on ‎11-27-2023 03:11 PM

Hello @rmeyer-epik 
Just to get more information about it.
Are you trying to configure Captive Portal hosted by the FortiGate or are you trying to use another option such as FortiAuthenticator or any other External Captive Portal provided by any AP on your network?

Thanks!

Mauricio Marin
Fortinet TAC Senior Engineer
2126
0 Kudos
rmeyer-epik
New Contributor II

Created on ‎11-27-2023 04:35 PM

we are exploring a guest wifi where they put in some basic info to a portal and allow them through...the built in captive portal doesnt look like it will fit what mgmt is looking for, but the question is more gear to "once authenticated via the portal" is the connection secure/encrypted

2117
0 Kudos
ebilcari
Staff
Staff
In response to rmeyer-epik

Created on ‎11-28-2023 12:49 AM

Using only Captive portal will not offer any encryption for user's traffic. If the portal page is using https at least the login credentials are encrypted but the traffic later on is moved unencrypted over the air.

FGT also offers a mixed setup with PSK encryption and Portal authentication.

psk+portal.PNG

The guest account need to know the PSK in advance and their traffic will be encrypted using this key.

There is also the new "open" SSID in WPA3 OWE that offer encryption for every node without using a PSK which is secure and convenient for guest/portal users.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
2101
0 Kudos
hbac
Staff
Staff
In response to rmeyer-epik

Created on ‎11-28-2023 08:05 AM

Hi @rmeyer-epik,

 

To allow guest users to put in some basic infos to a portal and allow them through, you need to use an external captive portal. I would suggest FortiAuthenticator. Please refer to https://docs.fortinet.com/document/fortiauthenticator/6.5.3/administration-guide/736069/portals

 

Regards, 

2094
0 Kudos
Sheikh
Staff
Staff

Created on ‎11-28-2023 08:59 AM

Hello @rmeyer-epik ,


There are other options as well e.g. FortiNAC, which can host portals for guest users.
https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/876616/guests-contractors

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
2088
0 Kudos
rmeyer-epik
New Contributor II

Created on ‎12-14-2023 12:50 PM

Ended up doing a software switch interface with captive portal, then did OWE...works good, just downfall is max 24 hr time

1959
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.