Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nark0t
New Contributor

FortiWifi captive portal and Android/iOS randomized MAC issues

Hi All,

I have a quick question: has anybody else experienced issues when setting up a Guest wifi network, using a FortiGate and FortiAPs with a captive portal for authentication, where until you turn off Randomized MAC on the Android/iOS device, the captive portal screen for the guest network will not pop up at all until randomized MAC has been changed to phone MAC?

Is there perhaps a way to disable valid MAC checking on the FortiGate and/or on the Wifi SSID? And how do I go about this, as it's difficult disabling the randomized MAC on every device that tries to connect to our Guest Wifi network?

TIA

bpozdena_FTNT

Hi Nark0t,

MAC address randomization is enabled by default on most modern mobile devices these days and in itself should not have any effect on connecting to Wifi or accessing captive portal.

You can however try to disable source MAC address verification on your captive portal with the below CLI command.

config user setting
    set auth-src-mac disable
end

This feature is enabled by default and its main intention is to prevent MAC address spoofing (cloning MAC address of other logged on users).

This feature needs to be disabled mainly when wireless clients are behind another router as they will all appear to have the same MAC address.

If the above change does not fix the issue, I would probably suggest taking a packet capture of the client traffic. Ensure DNS resolution works and that the client is able to reach FortiGate. You can also debug the authd daemon on FortiOS. It's probably best to open a ticket with TAC at that point.

HTH,
Boris
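
An added example, not part of the original post or Fortinet's own tooling: a small audit of a saved FortiOS configuration backup that reports whether captive portal source MAC verification has been switched off by the command in the reply above. The sample configuration is constructed, the function names are hypothetical, and it assumes an absent `auth-src-mac` line means the default (enabled, per the reply).

```python
import re

# Constructed sample of a FortiOS-style configuration backup (not from the post).
SAMPLE_CONFIG = """\
config system global
    set hostname "guest-fgt"
end
config user setting
    set auth-timeout 30
    set auth-src-mac disable
end
config wireless-controller vap
    edit "guest"
        set security captive-portal
    next
end
"""

def user_setting_values(config_text):
    """Return {option: value} from the top-level 'config user setting' block."""
    values, depth, in_block = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            # Only a top-level block counts; nested blocks are ignored.
            if depth == 1 and line == "config user setting":
                in_block = True
        elif line == "end":
            if depth == 1:
                in_block = False
            depth = max(depth - 1, 0)
        elif in_block and depth == 1:
            m = re.match(r"set\s+(\S+)\s+(.*)$", line)
            if m:
                values[m.group(1)] = m.group(2).strip().strip('"')
    return values

def src_mac_check_enabled(config_text):
    """True unless auth-src-mac is explicitly set to disable.
    Assumption: an absent line means the default, which the reply says is enabled."""
    return user_setting_values(config_text).get("auth-src-mac", "enable") != "disable"

if __name__ == "__main__":
    state = "enabled" if src_mac_check_enabled(SAMPLE_CONFIG) else "DISABLED"
    print(f"captive portal source MAC verification: {state}")
```

A result of DISABLED means the spoofing protection described in the reply is off for every captive portal user on that unit, so the change is worth recording alongside the reason it was made.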