I created a guest network on a FortiGate firewall; security mode is on and dynamic VLAN is enabled. FortiNAC RADIUS is connected behind it. I then included this wireless network in FortiNAC. When the user connects to the network, it assigns them to the quarantine VLAN. Then the FortiNAC portal opens and the user registers. However, I have a problem like this. When the user connects to this network, the NAC portal does not open. There is an untrusted network warning. To overcome this problem, I created a certificate in Active Directory and included it in FortiNAC. However, when the user connects to the wireless network, the option to trust this certificate should normally appear, but it does not. The user cannot go to the portal because there is no certificate. How can I solve this problem?
Can I direct a user who is included in the open network directly to the portal without a certificate?
Or can I disable certificate verification from the SSL section in FortiNAC?
Guest users on BYOD are not part of the domain, so they don't recognize its private cert. I always use a public certificate for the isolation portal, and this way I never have such an issue.
What do you mean by general certificate? I don't know much about certificates, can you elaborate?
I guess you mean you have a browser warning about an untrusted SSL cert when a guest enters the isolation portal, right? Or do you mean you have this issue with the RADIUS certificate?
In case you mean the isolation portal, the certificate is configured in the menu Portal > Portal SSL. There you should use a public SSL certificate, since the BYOD devices don't recognize your domain's CA. A public certificate is signed by a public authority and is recognized by all browsers.
In case you have an issue with the RADIUS certificate, then I don't understand why you use RADIUS authentication for guests. Guests should use WPA2 Personal while corp users should use RADIUS authentication.
Guest users are guest users on FortiNAC. How do I authenticate these users with WPA2 Personal?
Oh sorry :) we fall again into that question: to manage or not manage guests with FortiNAC. In my experience I never managed Wi-Fi guests with FNAC.
How can I define a public certificate for the portal in the FortiNAC certificate menu?
You go to System > Settings > Certificates (or something like that). There you will find 4 certificates: Portal, WebUI, RADIUS and Agent. There you install your public certificate as Portal cert. Once done you go back to Portal > Portal SSL and you select it.
So is there a certificate you recommend that I can install for the general certificate?
You can use your public domain's wildcard certificate if you already have one, since this is for a private address (FNAC isolation) and it works perfectly. If you don't have one, then you can purchase one from any cert vendor (Certigo, Comodo, ...) or make one for free via Let's Encrypt.
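The wildcard-certificate suggestion above only removes the browser warning if the portal's FQDN is actually covered by a DNS name in the certificate. The following is an added example, not part of the thread and not Fortinet code, that checks this with RFC 6125-style matching; all hostnames in it are constructed placeholders.

```python
# Added example. Hostnames are constructed placeholders, not values from the thread.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_matches(fqdn, san):
    """Return True if one DNS SAN entry covers the portal FQDN.

    Rules applied (conservative, in the spirit of RFC 6125):
      * comparison is case-insensitive
      * '*' is accepted only as the complete leftmost label
      * a wildcard stands for exactly one label, so '*.example.com'
        covers 'portal.example.com' but neither 'example.com'
        nor 'portal.nac.example.com'
      * a wildcard directly under a TLD ('*.com') is refused
    """
    host, pattern = _labels(fqdn), _labels(san)
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        if len(pattern) < 3 or "*" in "".join(pattern[1:]):
            return False
        return host[0] != "" and host[1:] == pattern[1:]
    if "*" in san:
        return False  # partial or non-leftmost wildcard
    return host == pattern


def covering_sans(fqdn, san_list):
    """Return the SAN entries that cover the FQDN (empty list = name mismatch)."""
    return [san for san in san_list if san_matches(fqdn, san)]


if __name__ == "__main__":
    # Constructed SAN list of a typical wildcard certificate.
    sans = ["example.com", "*.example.com"]
    for name in ("nac.example.com", "portal.nac.example.com", "example.com"):
        hits = covering_sans(name, sans)
        print(f"{name:26} -> {hits if hits else 'NOT covered'}")
```

If the isolation portal is reached under a name two levels below the domain, or by IP address, a certificate for `*.example.com` will not match and the guest still sees a warning.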