If I have a setup w/ the captive portal and tie that in w/ a backend LDAP group, is there a way for me to also allow unauthenticated users access? So users who successfully login to captive portal with AD credentials will get a policy applied to them based on that group membership. And anyone that fails to authenticate then gets a Guest policy applied?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
Did you try to have a look in our Knowledge Base? You may find an article which could provide a solution.
Just select Knowledge Base, the concerned product and you can easily make a search in our search bar.
Do not hestiate to come back to us if you do not find the solution.
Regards,
Hey mumbles,
FortiGate doesn't have an option to put users that fail authentication into another group.
I imagine it would bring a slew of issues - an AD user mistyping their password or username would end up in the guest group, for example, instead of having the option to try again.
As for having a captive portal that allows both AD credentials and unauthenticated users:
It would be possible IF the AD users and unauthenticated users come from different source IPs.
You could exempt the guest IPs from captive portal, and enforce it for the AD subnet. You would then need two policies, one for the guest IP range, and one for the AD IP range.
If AD users and guest users share the same subnet, you can only enforce authentication completely or not at all.
You could set up a guest admin (someone allowed to generate guest credentials) and add the guest group to captive portal as well, and then apply policies based on AD group membership vs guest group membership.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.