technologist36
New Contributor

WiFi Guest Management

Hi,

So the guest management lets me generate random usernames and passwords so that each guest can use them for WiFi guest authentication. This means that I have to print a paper for each random credential and pass it to each guest, which is a nightmare practice.

Here is my scenario that I want to accomplish in a more intelligent way:

1) Each guest will connect to a guest SSID

2) Each guest will fire up the browser and FortiGate shows a "Welcome to WiFi Guest" page

3) In this page, each guest will click a "Generate" button to generate a random credential.

Note: Of course, this button will make a call to the "Create new user" in the "Guest Management" section.

4) Each guest will use the generated credential to access the internet.

It should work like this instead of passing a piece of paper to each guest.

Does FG support this scenario? If not, can I have access to the FOS API so a developer I know can do this?

Thanks

gschmitt
Valued Contributor

You can use an external Captive Portal which supports this if all else fails.

But by default this isn't supported by FortiGate

technologist36

I am not sure if I am following you correctly. What does "if all else fails" mean?

Do you know from where I can download this external captive portal?

Details please?

gschmitt

technologist36 wrote:

I am not sure if I am following you correctly. What does "if all else fails" mean?

Do you know from where I can download this external captive portal?

I can't think of a way to let the guests create accounts for themselves without resorting to an external captive portal, but maybe I am missing something.

You can use many different external captive portals like pfSense or IPCop or ChilliSpot

But I can't tell you if any of them offer what you want

Big_Abe
New Contributor

I think if you explained your goal a little bit better than a hard-case scenario, people might be able to help you a bit better.

If I understand you correctly, your WiFi guests have to come to an 'Administrator' of some sort - who currently generates a username and password and physically provides it to your guest on paper.

Are you matching this information with actual identification? For example, a motel that has a room's occupant information and then just says the username is 'funkymonkey' and the password is 'blueberrysunset' and writes it next to John Smith room 10.

In the above example - you could use any number of the 3rd party Captive Portal tools to tie into your system housing the 'John Smith' data to create users and randomly generate a password.

If you're not matching to actual identification then why bother with the user/pass on the portal? Just use a frequently changing WiFi password.

Again, it's hard to dream up solutions without really knowing your goal. But everyone above has given good ideas as well.

 

FCNSP

-------------------------------------

"They have us surrounded again, those poor bastards."

-Unnamed Medic

technologist36

You are not so nice, Big Abe. I didn't offend anyone in here to make you say such awful words. In fact, I was very clear in my scenario and I explained using numbers, but it seems you focused more on how to annoy me than helping me. Actually, you made my scenario look more complicated and I am sure you've done this on purpose. Even user "gschmitt" didn't complain and, let's say if I was wrong, he got more priority to complain than you.

Looks like seeking the answer somewhere else is the best idea right now.

Big_Abe

I don't think I complained and I certainly didn't mean to offend. I meant your usage is outside of "the norm" and tried to guess your environment and explain methodologies through examples. To be simple... Can you explain your environment a bit further to try to assist you? Not nice, eh? I think that's a first for me.

technologist36

No, thank you, I don't want your help. You can read my original post.

obfuscated

Come on Tech, Bigabe is trying to help you here and is only wanting a better insight into your requirements.

I can't say as I am an expert on this but I think you will need to use the 'external' captive portal gschmitt identified and some assistance from your developer friend. The syntax has a line saying 'go out and find this external portal' and then when you are happy send me back a text string of 'Auth=Success' and I will allow you out.

As this is outside Fortinet it's going to involve a bit of planning/testing but I would be interested to hear your results/feedback.

config system interface
    edit "interface_name"
        set security-mode captive-portal
        set security-external-web "http://X.X.X.X/portal"
        set security-redirect-url "http://Y.Y.Y.Y/?Auth=Success"
    next
end

Dave_Hall
Honored Contributor

@tech

The closest scenario to what you are looking for is to create an email harvesting portal, suggested in the handbook, here. (Link is for 5.2.x.)


NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
