I would like to setup FortiAuthenticator and Fortigate to provide McDonald like WIFI access, when you connect, it pop up a disclaim page, and once user clicked "I accept", it grant the user access directly.
Is this doable ?
I have tried to use Portal policy with MAC authentication ( but doesn't really restrict any MAC ), it looks like FortiAuthenticator does send Access-Accept to Fortigate, but there is no Fortinet-Group-Name radius attributes.
If I don't enable "Account registration" in Guest portal, there are new "social login users" created, but they can't be automatically added into a user group. Tried MAC group with device tracking enabled on guest portal, also no luck ( turn on device tracking doesn't add new social login user's MAC into the chosen MAC group. ).
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Jackchenwork,
yes it is doable. The FAC has the portal policy option of the pre-login services with "Disclaimer".
However please clarify what exactly you are trying to do. If you have these type of guest users, you cannot get them to be in a user group, let alone get them permission sets.
There might not be a need for the FAC even as the FGT itself supports a disclaimer in a policy. The user will be added to the firewall user list with IP and the flag "disclaimer".
If your user logs off, the user can be removed from the firewall user list.
This is maybe better documented here:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/182001/per-policy-disclaimer-messages
Best regards,
Markus
Hi Jackchenwork,
yes it is doable. The FAC has the portal policy option of the pre-login services with "Disclaimer".
However please clarify what exactly you are trying to do. If you have these type of guest users, you cannot get them to be in a user group, let alone get them permission sets.
There might not be a need for the FAC even as the FGT itself supports a disclaimer in a policy. The user will be added to the firewall user list with IP and the flag "disclaimer".
If your user logs off, the user can be removed from the firewall user list.
This is maybe better documented here:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/182001/per-policy-disclaimer-messages
Best regards,
Markus
Yes I created the portal with Disclaimer. the requirement is to have minimum management tasks and give guest user WIFI access to Internet. So the ideal result is Guests see Disclaimer/Terms and Conditions, click accept, then they are connected to Internet.
I don't want to ask users to register since this is just free WIFI for guest's convenience. No need to collect user name/email ( most time they are fake if we don't validate email anyway, and if we do validate email, then they need to have Internet access first). There is also GDPR, so ideally just let the user use free WIFI like McDonald.
Now I see one
The issue is without registration, even I choose MAC authentication, the user doesn't belong to any user group on FAC and his MAC doesn't belong to MAC group, so FAC doesn't send a group to FGT and FGT won't allow user access.
OK now I see if I just use FGT, I can choose "Disclaimer" only , that could be one option.
The other option is I still use FAC but on FAC's disclaimer page, I provide a guest user and password.
Correct, FAC will only send user information back, like memberships, if the user is known in its userDB.
FAC will need to have one configured (be it devices or local, remote users). For simple disclaimers, the FGT will do. Its replacement messages can be adapted, so you can display something fancy to the guests.
Additional info that might be interesting: You can supply DHCP options to the wifi users in which you can offer them a landing page like option 114 or 160.
To stay with the example: the menu ordering page of McDonalds. After accepting the disclaimer you get redirected to that page.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.