Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Dan_Eng52
Contributor

FortiLAN - SSID Captive Portal Bypass

Hi all, 

 

I hope you're well. 

 

Does anyone have any experience with FortiLAN and know if it is possible to bypass via MAC address the captive portal on an SSID? I have had a look myself in FortiLAN and reviewed documentation but haven't found any of use and am beginning to think this isn't possible. 

 

Regards, 

Dan. 

 

 

5 REPLIES 5
adambomb1219
SuperUser
SuperUser

You mean FortiLAN Cloud correct?

 

MAC Access Control: Select to allow clients
identified in the MAC address import list to connect to
that SSID.
l Fail Through Mode. This mode is available if
you select the Open authentication. If you select
the Fail Through Mode, then the following
applies:
l If a client is not in the MAC address import
list, then the client must pass captive-portal
authentication to access the internet.
l If a client is in the MAC address import list,
then the client can bypass the captive-portal
authentication and access the internet
directly.

Dan_Eng52

Hi there, 

 

I did see this option however, I didn't proceed because I seen "Enter MAC addresses of clients which are allowed to connect. All other clients will be blocked" statement. 

 

If I enter the device MAC here and apply and have captive portal applied will other devices still be able to authenticate and click through the captive portal and have internet access or will it restrict access purely to that device MAC only? 

 

Many thanks, 

Dan.

adambomb1219

You need to enable Fail Through mode.  If a client is not in the MAC address import list, then the client must pass captive-portal authentication to access the internet.
If a client is in the MAC address import list, then the client can bypass the captive-portal
authentication and access the internet directly.

Dan_Eng52

Hi there, 

 

It looks like this option is only available when open authentication is selected, is there a way to do this with PSK and captive portal enabled or will I need to opt for open auth if I want to achieve this? 

 

Thanks, 

Dan. 

 

adambomb1219

I'm not sure, never tested this exact scenario.  Why bother with a PSK and captive portal here though?  I see most customers leave their guest network open and enable WPA3 Opportunist Wireless Encryption (OWE).

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors