Thonno
New Contributor

UniFi Controller SSID with FortiGate Captive Portal


Greetings,

I should configure a WiFi SSID on a UniFi Controller that performs redirects to a Captive Portal on a FortiGate so that the users are picked up by a FortiAuthenticator.

 

In particular:

  • Users connect to an SSID issued by the UniFi Controller.
  • As soon as the user connects, a FortiGate Captive Portal should appear and read the users from the FortiAuthenticator.
  • After the user logs in, he can go online.

Can it be done?

If that's not possible, I was thinking about:

  • SSID without password
  • Captive Portal on the FortiGate interface (which would also be the gw of the users connected via WiFi)
  • Authentication on the FortiGate Captive Portal with users drawn from the FortiAuthenticator.

Thank you very much for helping.

1 Solution
AEK
Honored Contributor

Hi @Thonno 

Here is how you configure active portal:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Captive-Portal-Authentication-Network-Inte...

You can create on FGT a remote group from FAC and use it in active portal.

Once users authenticate on the active portal, they can go online.

AEK

Thonno
New Contributor

Does the Captive Portal appear automatically or does the user have to open a browser?

Mainly users will be connected with smartphones, which is why I would have preferred UniFi to do RADIUS redirects or similar for the captive portal on FortiGate.

Anyway, thanks so much for the reply.

AEK
Honored Contributor

The FG portal doesn't open automatically; the user has to open a browser and type an address.

AEK
AEK
Honored Contributor

Since the user already authenticates with RADIUS, I think you can use RSSO instead of using the captive portal. Please check here if it is what you want.

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/513092/configuring-radius-ss...

AEK
Thonno
New Contributor

Thanks AEK.
Just a question: in case I activated the Captive Portal, would the user have to authenticate each time the browser / session was opened, or only the first time?

Does the authentication remain in the cache for a certain number of hours?

AEK
Honored Contributor

You're welcome, Thonno.

There is a timeout: if there is no activity from the user for, I think, about 10 or 20 min (a default setting that can be changed), then his session times out and the portal will be triggered again when the user wants to access some site in the browser.

AEK
Thonno
New Contributor

Hi AEK,

I made the necessary configurations temporarily using a Huawei AP.

I configured a VLAN interface on the FortiGate and created an SSID on the Huawei access point without a password.

Immediately after connecting to the SSID, the FortiGate Captive Portal is automatically opened, and by entering the credentials taken from the FortiAuthenticator, everything works.

I set the timeout to 24 hours, and even logging out and logging back in after a few minutes, everything works fine.

Thank you so much for your help, you were very kind!
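
A FortiOS CLI sketch of the setup this thread arrives at (a remote group backed by the FortiAuthenticator, captive portal on the WiFi VLAN interface, 24-hour authentication timeout), added here as an example and not taken from any post in the thread. The object names, the 192.0.2.10 address and the shared secret are placeholders, and it assumes the FortiAuthenticator is reached as a RADIUS server. A firewall policy from the WiFi interface toward the Internet is still required and is not shown.

```fortios
# Constructed example: every name, address and secret below is a placeholder.

# FortiAuthenticator defined as a RADIUS server on the FortiGate
config user radius
    edit "FAC-RADIUS"
        set server "192.0.2.10"
        set secret <shared-secret>
    next
end

# Remote group whose members are authenticated by the FortiAuthenticator
config user group
    edit "wifi-portal-users"
        set member "FAC-RADIUS"
    next
end

# Captive portal on the VLAN interface that is the gateway of the WiFi clients;
# only members of the remote group can pass the portal
config system interface
    edit "wifi-vlan"
        set security-mode captive-portal
        set security-groups "wifi-portal-users"
    next
end

# Authentication timeout in minutes (1440 = 24 hours, the value used in the last post)
config user setting
    set auth-timeout 1440
end
```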
