- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: WiFi Guest Management
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
WiFi Guest Management
Hi,
So the guest management let me generate random usernames and passwords so that each guest can use them for WiFi guest authentication. This means that i have to print a paper for each random credential and pass it to each guest, which is a nightmare practice.
Here is my scenario that i want to accomplish in more intelligent method:
1) Each guest will connect to a guest SSID
2) Each guest will fire up the browser and fortigate shows up a "Welcome to WiFi Guest" page
3) In this page, each guest will click a "Generate" button to generate a random credential.
Note: Of course, this button will make a call to the "Create new user" in the "Guest Management" section.
4) Each a guest will use the generated credential to access the internet.
It should work like this instead of passing a piece of paper for each guest.
Does FG support this scenario? If not, can i have access to FOS API so a developer i know can do this?
Thanks
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use an external Captive Portal which supports this if all else fails.
But by default this isn't supported by FortiGate
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am not sure if i am following you correctly. What "if all else fails" means"?
Do you know from where i can download this external captive portal?
Details please?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
technologist36 wrote:I can't think of a way to let the guests create accounts for themselves without resorting to an external captive portal but maybe I am missing somethingI am not sure if i am following you correctly. What "if all else fails" means"?
Do you know from where i can download this external captive portal?
You can use many different external captive portals like pfSense or ipCop or chilliSpot
But I cant tell you if any of them offer what you want
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think if you explained your goal a little bit better than a hard-case scenario, people might be able to help you a bit better.
If I understand you correctly, your WiFi guests have to come to an 'Administrator' of some sorts - who currently generates a username and password and physically provides it to your Guest on paper.
Are you matching this information with actual identification? For example a motel that has a room's occupant information and then just says the username is 'funkymonkey' and the password is 'blueberrysunset' and writes it next to John Smith room 10.
In the above example - you could use any number of the 3rd party Captive Portal tools to tie into your system housing the 'John Smith' data to create users and randomly generate a password.
If you're not matching to actual identification then why bother with the user/pass on the portal? Just use a frequently changing wifi password.
Again, it's hard to dream up solutions without really knowing your goal. But everyone above has given good ideas as well.
FCNSP
-------------------------------------
"They have us surrounded again, those poor bastards."
-Unnamed Medic
FCNSP
-------------------------------------
"They have us surrounded again, those poor bastards."
-Unnamed Medic
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You are not so nice, Big Abe. I didn't offend anyone in here to make you say such awful words. In fact, i was very clear in my scenario and i explained using numbers but it seems you focused more on how to annoy me than helping me. Actually, you made my scenario looks more complicated and i am sure you've done this in purpose. Even user "gschmitt" didn't complain and let's say if i was wrong, he got more priority to complain than you.
Looks like seeking the answer somewhere else is the best idea right now.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't think I complained and I certainly didn't mean to offend.
I meant your usage is outside of "the norm" and tried to guess your environment and explain methodologies through examples.
To be simple... Can you explain your environment a bit further to try to assist you?
Not nice, eh? I think that's a first for me.
FCNSP
-------------------------------------
"They have us surrounded again, those poor bastards."
-Unnamed Medic
FCNSP
-------------------------------------
"They have us surrounded again, those poor bastards."
-Unnamed Medic
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, thank you , i don't want your help. You can read my original post.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Come on Tech, Bigabe is trying to help you here and is only wanting a better insight into your requirements.
I cant say as I am an expert on this but I think you will need to use the 'external' captive portal gschitt identified and some assistance from your developer friend. The syntax has a line saying 'go out and find this external portal' and then when you are happy send me back a text string of 'Auth=Success' and I will allow you out.
As this is outside Fortinet its going to involve a bit of planning/testing but I would be interested to hear your results/feedback.
config system int
edit "interface_name"
set security-mode captive-portal set security-external-web "http://X.X.X.X/portal" set security-edirect-url"http://Y.Y.Y.Y/?Auth=Success" end
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@tech
The closest scenario to what you are looking for is to create an email harvesting portal, suggested in the handbook, here. (Link is for 5.2.x.)
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Related Posts
- Wifi-Bridge with FortiWifi as controller in... 266 Views
- FortiExtender Cloud 24.1 is now Released! 116 Views
- 43658 - LOG_ID_EVENT_WIRELESS_STA_DHCP_NO_RESP 271 Views
- Captive Portal provided by Cisco ISE... 868 Views
- L2TPv3 Concentration for SSIDs 289 Views
Labels
-
FortiGate
6,462 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
55 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
High Availability
21 -
FortiConverter
21 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.