Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mumbles202
New Contributor II

FGT Captive Portal Default Group

If I have a setup w/ the captive portal and tie that in w/ a backend LDAP group, is there a way for me to also allow unauthenticated users access?  So users who successfully login to captive portal with AD credentials will get a policy applied to them based on that group membership.  And anyone that fails to authenticate then gets a Guest policy applied?  

2 REPLIES 2
Anthony_E
Community Manager
Community Manager

Hello,

 

Did you try to have a look in our Knowledge Base? You may find an article which could provide a solution.

Just select Knowledge Base, the concerned product and you can easily make a search in our search bar.

 

Do not hestiate to come back to us if you do not find the solution.

 

Regards,

Anthony-Fortinet Community Team.
Debbie_FTNT
Staff
Staff

Hey mumbles,

FortiGate doesn't have an option to put users that fail authentication into another group.

I imagine it would bring a slew of issues - an AD user mistyping their password or username would end up in the guest group, for example, instead of having the option to try again.

As for having a captive portal that allows both AD credentials and unauthenticated users:

It would be possible IF the AD users and unauthenticated users come from different source IPs.

You could exempt the guest IPs from captive portal, and enforce it for the AD subnet. You would then need two policies, one for the guest IP range, and one for the AD IP range.

If AD users and guest users share the same subnet, you can only enforce authentication completely or not at all.

You could set up a guest admin (someone allowed to generate guest credentials) and add the guest group to captive portal as well, and then apply policies based on AD group membership vs guest group membership.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors