Hi,
So the guest management let me generate random usernames and passwords so that each guest can use them for WiFi guest authentication. This means that i have to print a paper for each random credential and pass it to each guest, which is a nightmare practice.
Here is my scenario that i want to accomplish in more intelligent method:
1) Each guest will connect to a guest SSID
2) Each guest will fire up the browser and fortigate shows up a "Welcome to WiFi Guest" page
3) In this page, each guest will click a "Generate" button to generate a random credential.
Note: Of course, this button will make a call to the "Create new user" in the "Guest Management" section.
4) Each a guest will use the generated credential to access the internet.
It should work like this instead of passing a piece of paper for each guest.
Does FG support this scenario? If not, can i have access to FOS API so a developer i know can do this?
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You can use an external Captive Portal which supports this if all else fails.
But by default this isn't supported by FortiGate
I am not sure if i am following you correctly. What "if all else fails" means"?
Do you know from where i can download this external captive portal?
Details please?
technologist36 wrote:I can't think of a way to let the guests create accounts for themselves without resorting to an external captive portal but maybe I am missing somethingI am not sure if i am following you correctly. What "if all else fails" means"?
Do you know from where i can download this external captive portal?
You can use many different external captive portals like pfSense or ipCop or chilliSpot
But I cant tell you if any of them offer what you want
I think if you explained your goal a little bit better than a hard-case scenario, people might be able to help you a bit better.
If I understand you correctly, your WiFi guests have to come to an 'Administrator' of some sorts - who currently generates a username and password and physically provides it to your Guest on paper.
Are you matching this information with actual identification? For example a motel that has a room's occupant information and then just says the username is 'funkymonkey' and the password is 'blueberrysunset' and writes it next to John Smith room 10.
In the above example - you could use any number of the 3rd party Captive Portal tools to tie into your system housing the 'John Smith' data to create users and randomly generate a password.
If you're not matching to actual identification then why bother with the user/pass on the portal? Just use a frequently changing wifi password.
Again, it's hard to dream up solutions without really knowing your goal. But everyone above has given good ideas as well.
FCNSP
-------------------------------------
"They have us surrounded again, those poor bastards."
-Unnamed Medic
You are not so nice, Big Abe. I didn't offend anyone in here to make you say such awful words. In fact, i was very clear in my scenario and i explained using numbers but it seems you focused more on how to annoy me than helping me. Actually, you made my scenario looks more complicated and i am sure you've done this in purpose. Even user "gschmitt" didn't complain and let's say if i was wrong, he got more priority to complain than you.
Looks like seeking the answer somewhere else is the best idea right now.
FCNSP
-------------------------------------
"They have us surrounded again, those poor bastards."
-Unnamed Medic
No, thank you , i don't want your help. You can read my original post.
Come on Tech, Bigabe is trying to help you here and is only wanting a better insight into your requirements.
I cant say as I am an expert on this but I think you will need to use the 'external' captive portal gschitt identified and some assistance from your developer friend. The syntax has a line saying 'go out and find this external portal' and then when you are happy send me back a text string of 'Auth=Success' and I will allow you out.
As this is outside Fortinet its going to involve a bit of planning/testing but I would be interested to hear your results/feedback.
config system int
edit "interface_name"
set security-mode captive-portal set security-external-web "http://X.X.X.X/portal" set security-edirect-url"http://Y.Y.Y.Y/?Auth=Success" end
@tech
The closest scenario to what you are looking for is to create an email harvesting portal, suggested in the handbook, here. (Link is for 5.2.x.)
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1632 | |
1063 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.