rmeyer-epik
New Contributor II

Captive Portal and Security

I have been asked to explore captive portal as an option for guest wireless. I see in the docs it's OPEN (i.e. no encryption) for the initial connection. Does it ever flip to an encrypted channel post validation?

1 Solution
rmeyer-epik
New Contributor II

Ended up doing a software switch interface with captive portal, then did OWE...works good, just downfall is max 24 hr time

mauromarme
Staff

Hello @rmeyer-epik 
Just to get more information about it.
Are you trying to configure Captive Portal hosted by the FortiGate or are you trying to use another option such as FortiAuthenticator or any other External Captive Portal provided by any AP on your network?

Thanks!

Mauricio Marin
Fortinet TAC Senior Engineer
rmeyer-epik
New Contributor II

We are exploring a guest wifi where they put some basic info into a portal and are allowed through... the built-in captive portal doesn't look like it will fit what mgmt is looking for, but the question is more geared to whether, "once authenticated via the portal", the connection is secure/encrypted.

ebilcari

Using only a captive portal will not offer any encryption for the user's traffic. If the portal page uses HTTPS, at least the login credentials are encrypted, but the traffic afterwards is sent unencrypted over the air.

FGT also offers a mixed setup with PSK encryption and Portal authentication.


The guest account needs to know the PSK in advance and their traffic will be encrypted using this key.

There is also the new "open" SSID in WPA3 OWE that offers encryption for every node without using a PSK, which is secure and convenient for guest/portal users.

- Emirjon
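
The three SSID security modes compared in the reply above, sketched as FortiOS CLI. This is an added example, not part of the original post: the VAP names, SSIDs and passphrase placeholder are constructed, and the option names should be checked against the FortiOS version in use.

```text
# Constructed example: three guest SSID variants on a FortiGate wireless controller.
config wireless-controller vap
    # 1) Captive portal only: open association, no over-the-air encryption.
    #    Only the HTTPS portal login itself is protected.
    edit "guest-portal"
        set ssid "Guest-Portal"
        set security captive-portal
    next
    # 2) PSK + portal: traffic is encrypted with a key derived from the shared
    #    passphrase, which every guest must know before connecting.
    edit "guest-psk-portal"
        set ssid "Guest-PSK"
        set security wpa2-only-personal+captive-portal
        set passphrase <PLACEHOLDER-PASSPHRASE>
    next
    # 3) WPA3 OWE: no passphrase, but each client negotiates its own
    #    encryption keys at association. OWE requires PMF.
    edit "guest-owe"
        set ssid "Guest-OWE"
        set security owe
        set pmf enable
    next
end
```

OWE encrypts the link but does not authenticate the access point or the user, so a portal or other access control is still needed on top of it.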
hbac

Hi @rmeyer-epik,

 

To allow guest users to put some basic info into a portal and be allowed through, you need to use an external captive portal. I would suggest FortiAuthenticator. Please refer to https://docs.fortinet.com/document/fortiauthenticator/6.5.3/administration-guide/736069/portals

 

Regards, 

Sheikh
Staff

Hello @rmeyer-epik ,


There are other options as well e.g. FortiNAC, which can host portals for guest users.
https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/876616/guests-contractors

regards,

 

Sheikh
