- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Ubiquity Unify Guest wifi with separate VLANs for ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ubiquity Unify Guest wifi with separate VLANs for guest and cloud key
Hello,
Some keywords:
Fortigate 60E
separate VLANs
Ubiquity Unify Cloud key and AC-pro access points
Guest wifi hotspot with captive portal and voucher system (ubiquity unify)
Problem: can't access the Ubiquity Unify captive portal from the guest wifi network
Setup:
Fortigate 60E connects to internet via WAN port, switches connected with trunks to the internal ports on the Fortigate.
3 VLANs with DHCP pools for business (1), guest (30) and private (20) set up on Fortigate for wired and WIFI networks.
Ubiquity Unify (for WIFI) with cloud key and access points are connected to VLAN1.
Configuration works fine for wired ports as well as wireless. Depending on selected network (wired or WIFI) correct IPs are assigned, network access restrictions, internet policies applied and bandwidth restrictions are correct. So far so good.
The moment I make in the Ubiquity control panel the guest network a hotspot with a captive portal for log in with vouchers for internet access I get a hick up: when connecting with a device to the guest WIFI (VLAN 30), a correct IP address gets assigned and the browser opens to get to the captive portal for log in. Problem is the page doesn't open and the browser gives a connection time out after a while.
My guess is that the captive portal is managed and issued by the unify cloud key, which has a VLAN1 IP address. The guest device that tries to connect to the captive portal so it can log in and get access to internet has a VLAN 30 IP address. There is a good reason that guest are on a separate VLAN and I want to keep that segregation for security purposes. I have experimented with creating a policy rule that allows traffic from VLAN 30 to the Cloud key specific IP but no luck so far.
How can I get this to work (guest on VLAN 30 to use the WIFI to access internet with a voucher and authentication through the captive portal) without compromising the separation between the VLANs? I think that the solution is in a policy between the 2 VLAN's to allow for this specific traffic but am not sure as the first few attempts to set up such a rule failed on me.
Ubiquity support suggests creating DMZ for the cloud key, but I am not sure if a DMZ is what I am happy with. Maybe one of you has had this combination before and found a reliable and safe solution?
Thanks,
André Pasman
Best Regards,
André
Best Regards,
André
Labels:
- Labels:
-
5.6
- « Previous
-
- 1
- 2
- Next »
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I'm facing nearly the same situations.
I'm using FGT50E with 6.2.2.
The guest portal is not opening, IP gets pulled and is turning into APIPA-169 after some seconds.
I've tried different devices, iOS, MacOS, WinDO(w)S10 and Android. With all devices the problems stay the same.
In WiFi-CTRL GuestPolicy I've entered the IP of Controller, DNS, Gateway (Controller-Subnet + Client-Subnet) for pre-auth possibilities.
In the controller the VLANs are configured as VLAN-Only Networks.
The policiy in FortiGate is set for Guest-Subnet > Controller and TCP 8880, 8843 - you've set 8080 and 8443 wrong - those are for administering, 8880 and 8843 are the guest portal ports - for testing I've also entered 8080 and 8443 - which didn't work.
I've already openend a thread with detailled coniguration:
Hopefully we could fix this!
Thanks
Lukas
- « Previous
-
- 1
- 2
- Next »
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Multiple site using vxlan over ipsec 1355 Views
- Question for graduation assignment 809 Views
- Sending All Syslogs through Root VDOM 2623 Views
- One ISP with Two Routes (Rings)... 1696 Views
- Fortisandbox Cloud licence 1304 Views
Labels
-
FortiGate
7,188 -
FortiClient
1,419 -
5.2
801 -
5.4
639 -
FortiManager
621 -
FortiAnalyzer
458 -
6.0
416 -
FortiAP
376 -
FortiSwitch
375 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
281 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
FortiNAC
128 -
6.4
128 -
FortiGuard
116 -
IPsec
110 -
SSL-VPN
109 -
FortiGateCloud
98 -
FortiSIEM
94 -
FortiCloud Products
90 -
FortiToken
77 -
Customer Service
71 -
Wireless Controller
65 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
49 -
FortiEDR
46 -
FortiADC
45 -
Fortivoice
44 -
FortiDNS
39 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
Firewall policy
35 -
FortiSandbox
34 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
LDAP
21 -
FortiConverter
21 -
Certificate
21 -
SAML
20 -
FortiGate v5.2
19 -
FortiPortal
18 -
Routing
18 -
Interface
18 -
FortiSwitch v6.2
17 -
VDOM
17 -
FortiMonitor
15 -
Authentication
15 -
FortiLink
15 -
FortiGate v5.0
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
SSL SSH inspection
12 -
FortiCASB
12 -
Application control
11 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
SNMP
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
FortiAP profile
7 -
4.0
7 -
Admin
7 -
Web application firewall profile
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
Automation
6 -
IPS signature
5 -
Packet capture
5 -
DNS Filter
5 -
FortiCache
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
System settings
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Fabric connector
3 -
NAC policy
3 -
Users
3 -
Multicast routing
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
Fortinet Engage Partner Program
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1 -
Service
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1077 | |
| 892 | |
| 529 | |
| 441 | |
| 152 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.