MAC Authentication Bypass (MAB) and Captive Portals
I'm looking to set up a Mac Address bypass system that will require each user to enroll their device via remote captive portal in order for that device to gain full net access (the purpose of this is for usage auditing). The process would be as follows:
The user opens a browser window and is taken tot he external Captive Portal.
The user fills out a form there providing some basic information. Their MAC address is passed along by the captive portal as a GET parameter.
Upon filling out their information, the portal would update Radius' list of allowed MAC addresses.
The portal would then make the requisite callback to the FortiGate 51E to pass along credentials to be checked against Radius.[/ul]
In theory this should then get them online but I feel like there are likely some gotchas. When I make the callback for the Radius auth, would I still be passing the user's credentials or would I now be sending MAC address info? Also, is there more info floating around on how to implement this on the FortiGate side? The FortiGate managing Devices PDFprovides all of 5 sentences of description and I'm unclear as to where I'd set up the Radius details for this and such. Also, what else have I missed here?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.