Hi all,
I hope you're well.
Does anyone have any experience with FortiLAN and know if it is possible to bypass via MAC address the captive portal on an SSID? I have had a look myself in FortiLAN and reviewed documentation but haven't found any of use and am beginning to think this isn't possible.
Regards,
Dan.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You mean FortiLAN Cloud correct?
MAC Access Control: Select to allow clients
identified in the MAC address import list to connect to
that SSID.
l Fail Through Mode. This mode is available if
you select the Open authentication. If you select
the Fail Through Mode, then the following
applies:
l If a client is not in the MAC address import
list, then the client must pass captive-portal
authentication to access the internet.
l If a client is in the MAC address import list,
then the client can bypass the captive-portal
authentication and access the internet
directly.
Hi there,
I did see this option however, I didn't proceed because I seen "Enter MAC addresses of clients which are allowed to connect. All other clients will be blocked" statement.
If I enter the device MAC here and apply and have captive portal applied will other devices still be able to authenticate and click through the captive portal and have internet access or will it restrict access purely to that device MAC only?
Many thanks,
Dan.
You need to enable Fail Through mode. If a client is not in the MAC address import list, then the client must pass captive-portal authentication to access the internet.
If a client is in the MAC address import list, then the client can bypass the captive-portal
authentication and access the internet directly.
Hi there,
It looks like this option is only available when open authentication is selected, is there a way to do this with PSK and captive portal enabled or will I need to opt for open auth if I want to achieve this?
Thanks,
Dan.
Created on 02-02-2024 05:12 AM Edited on 02-02-2024 05:12 AM
I'm not sure, never tested this exact scenario. Why bother with a PSK and captive portal here though? I see most customers leave their guest network open and enable WPA3 Opportunist Wireless Encryption (OWE).
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.