Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Captive Portal authentication issue

Hi all,

We have Fortigate 60F with captive portal configured on one of the Port; We use Unifi as APs, See below my firewall settings for Captive portal:


config user setting set auth-timeout 1440 set auth-timeout-type hard-timeout set auth-lockout-duration 0 set auth-invalid-max 100 end


config user group edit "guest.Wifi" set group-type guest set authtimeout 0 set auth-concurrent-override enable set http-digest-realm '' end


The client do not want to re-authenticate after authentication was successful

Let say the guest account is set to expire in 120days, our client is looking for a solution where after successful authentication; the authenticated guest should remain active.


We try all the settings but could archive that goal.


The max session time out is set to 24hrs but not truth all the time; for some reason the guest have to authenticate many times between 24hrs and sometime stay connected for 24hrs.


We do not want to want to set the exempt source for some devices.\


Please help




are you 100% sure you want to have 120 days authenticated session ?

To be honest, that sounds to me as security madness.

Have you heard about session hijacks and other possible misuse scenarios for active sessions?


If you want to pass someone/something through, basically unauthenticated, that's how 120 days sounds to me, then how about per MAC based or IP based exceptions?

Thinking of per MAC IP assignment via something like DHCP, or static map. Not trying to even think about DHCP or MAC address spoofing .. or other ways, just to keep sanity.


Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

New Contributor II

I know it is a security madness.

The client is driving me made. We have explained to them that fortigate is a security device and therefore can not be implemented

Kind regards 


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors