Hi all,
We have Fortigate 60F with captive portal configured on one of the Port; We use Unifi as APs, See below my firewall settings for Captive portal:
config user setting set auth-timeout 1440 set auth-timeout-type hard-timeout set auth-lockout-duration 0 set auth-invalid-max 100 end
config user group edit "guest.Wifi" set group-type guest set authtimeout 0 set auth-concurrent-override enable set http-digest-realm '' end
The client do not want to re-authenticate after authentication was successful
Let say the guest account is set to expire in 120days, our client is looking for a solution where after successful authentication; the authenticated guest should remain active.
We try all the settings but could archive that goal.
The max session time out is set to 24hrs but not truth all the time; for some reason the guest have to authenticate many times between 24hrs and sometime stay connected for 24hrs.
We do not want to want to set the exempt source for some devices.\
Please help
Hi,
are you 100% sure you want to have 120 days authenticated session ?
To be honest, that sounds to me as security madness.
Have you heard about session hijacks and other possible misuse scenarios for active sessions?
If you want to pass someone/something through, basically unauthenticated, that's how 120 days sounds to me, then how about per MAC based or IP based exceptions?
Thinking of per MAC IP assignment via something like DHCP, or static map. Not trying to even think about DHCP or MAC address spoofing .. or other ways, just to keep sanity.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
I know it is a security madness.
The client is driving me made. We have explained to them that fortigate is a security device and therefore can not be implemented
Kind regards
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.