Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AMINET
New Contributor

wifi guest user management captive portal or radius

Hi,

I have a fortigate with 3rd party access points and I want to manage guest access, so I'm confused for what is the best way to do that using a interface with captive portal or using radius server

 

thank you in advance

5 REPLIES 5
gfleming
Staff
Staff

Captive portal should suffice. But it depends on what level of control and info you need from the clients to access your network. If it's just a splash page its fine. If you want advanced integrations like social network connectors and email then you'll need FortiAuthenticator. Can you provide a bit more info about what you want your guest wifi user experience to be like?

Cheers,
Graham
AMINET
New Contributor

Hi @gfleming  and thank you for your answer ,

 

I want to create an SSID for guest users and control their access using Fortigate rsso, because I have experienced issues with Fortigate captive portal with some browsers.

gfleming

If you are using RSSO that implies these guest users have accounts on your RADIUS server? That seems like something that will be very hard to manage.

 

Can you not just control access based on the guest VLAN that you put the guest wi-fi users into?

Cheers,
Graham
AMINET

Hi @gfleming ,

 

If you are using RSSO that implies these guest users have accounts on your RADIUS server? yes it is related to AD accounts
Can you not just control access based on the guest VLAN that you put the guest wi-fi users into? ok, but I have to control the guest account (generation and expiration of passwords). I like how to fortigate handle it, but I don't have a fortiAP yet.
if there is a method to avoid captive portal error on browser (client must to access a simple HTTP page initially for captive portal redirection ) thats will be fine.

gfleming

Sounds like you need FortiAuthenticator if you are going to be managing guest accounts. They can self-register or you can create temporary logins, lots of options.

 

Don't think FortiGate has the built-in functionality to do what you want. 

 

https://docs.fortinet.com/document/fortiauthenticator/6.4.6/administration-guide/813547/guest-users

Cheers,
Graham
Labels
Top Kudoed Authors