Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
memm
New Contributor

Fortigate/Forti AP hotspot sw

I have a new  customer with multiple small networks of FortiGate 60F  + FortiAP  (5 to 10 in each network).

He wants to limit wifi users either by time connected, hours/days/weeks, and/or traffic consumed.

Traffic must include all apps/protocols not get html traffic.

 

Is there a Fortinet product that can do this?

If not, is their a 3rd party product thats will do the job?

Of course as always cheaper is better.

 

Thanks.

 

 

8 REPLIES 8
Anthony_E
Community Manager
Community Manager

Hello memm,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
ebilcari
Staff
Staff

For that you will need an external RADIUS server that will do Accounting. This functions are covered by FortiAuthenticator you can read more about this feature here: https://docs.fortinet.com/document/fortiauthenticator/6.4.6/administration-guide/738461/usage-profil...

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
memm
New Contributor

We got a demo account for FortiAuthenticator to try out, seems to work quite well but we seem to have got stuck on the following:

 

When an account hits it's data usage limit during the defined 24 hour period how can it automatically reset when the 24 hours pass?

We basically want the data usage limit on the accounts to automatically reset each day.

 

Thank you.

 

ebilcari

I suppose that should be the behavior, reset after 24 hours. I haven't test it my self

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
memm
New Contributor

We've opened a ticket with support but they seem equally baffled.

Markus_M

Hi,

I would normally go and purge disabled users. Your overused user should be disabled and can be purged when it is disabled. They have to sign up then again:

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-How-to-Automatically-Purge-users-...

 

Best regards,

 

Markus

 

memm
New Contributor

Thank you both for your replies.

 

We did briefly consider FortiAuthenticator.

How does the Fortigate communicate user time and data consumption info to FortiAuthenticator?

 

Thanks again.

Memnon.

ebilcari

The communication is done using RADIUS accounting messages. FGT need to be configured via CLI to send this messages to FAC, like:

config user radius
edit "FAC"
set server "fac.eb.eu"
set secret ENC *****
set nas-ip 10.0.10.1
set acct-interim-interval 600
set auth-type ms_chap_v2
config accounting-server
edit 1
set status enable
set server "fac.eb.eu"
set secret ENC ****

 

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Top Kudoed Authors