Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
OnlineGeek
New Contributor

Guest wifi user authentication

I know that I can create a guest wifi and apply a captive portal but I'd like to apply one where a user needs to enter their name and password. As the Admin, I would then be able to approve or deny their access to the guest wifi.... is this possible?

5 REPLIES 5
xsilver_FTNT
Staff
Staff

Hi,

this is not possible on FortiOS AFAIK. There is only email collecting portal.

However the FortiOS does have external captive portal option .. so you can actually write your own portal, like web app to collect and approve users.

 

Or, there is Account Registration -> Require Admin Approval option on FortiAuthenticator in portal config.

See screenshot - https://www.dropbox.com/s...tration.png?dl=0 

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

sw2090

hm

I found https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/981270/creating-security-policies-for-di...

 

This says if you set a policy to require a specific user or usergroup the FGT will prompt you with a login screen once you match that policy. This should work for guest wifi too.

Thus there is no user registration that can be used by users. This will require an admin to create the user and add to groups if required.

So might not be a full guest wifi portal as you know it but maye it meets your requirements?

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
xsilver_FTNT

Maybe I just misunderstood that ..  "where a user needs to enter their name and password. As the Admin, I would then be able to approve or deny their access to the guest wifi".

 

I thought that idea is that the guest users will apply/enroll themselves somehow and admin later then approve their ability to log into the guest wifi.

Sure you can, as admin, or guest manager/sponsor, create bunch of guest accounts in advance and then distribute those. Like hotel receptionist giving you temporary access while you stay in. In this case you can make those users into guest groups on FGT or your back end auth server (LDAP/RADIUS/TACACS+/Kerberos) and use either captive portal on interface or group in policy which will then spring the auth according to settings when needed. But that seemed to me a bit too much pre-fabricated, as you are basically granting access to those users in advance, not when they enroll .. "enter their name and password".

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

sw2090

well yes. But that's the only thing FortiOS supports. If you need users to enroll themselfes you might have to use an external solution then.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
xsilver_FTNT

yes, that's what I tried to depict in my first update.

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors