Fortigate Captive Portal - Guest Wifi with advertising. Need help :D

spedrosa · ‎10-21-2015

Hi! I want to make a scenario like this: i want to offer free wifi around a store but when someone connects to my AP's, i want to show a captive portal with a message, a logo and a box that i want the users to enter an email in. But i don't want them to login to my fortigate, because this will be free for everyone, so i don't want to worry about creating accounts, i just want to receive the email and store it in a MySQL DB for marketing purposes. Could this be possible?

Thanks! :)

neonbit · ‎10-21-2015

Yes this can be done very easily.

You configure the guest SSID portal type as 'Email Collection'.

Then you click on the Customize Portal Messages hyperlink to edit the splash page that users get.

All the harvested email addresses will be stored under User & Device > Monitor > Collected Email Addresses. You can export them from here to be used for your evil marketing plans ;)

spedrosa · ‎10-22-2015

Hi! thanks for the ansewer. That's a start. I'm testing this and i figured out that after the first login, the fortiWifi don't ask for the email again, it stores it internally and let the user connect without giving the email again. It probably make a connection between the mac address and the email, so let the computer connects directly to the internet.

Is there any possibility of this happen?:

User connects-> FortiWifi shows advertising disclaimer and asks for email -> Navigates for 1 hour -> Fortiwifi shows more advertising and asks for the email again to continue.

I want the user to re-enter de email in 1hour intervals so i can show him more advertising.

The email will be used later to send advertising too.

There is no possibility of creating accounts for users because this will be free, and lots of people will use it without asking permission to the store.

As you said, this is for marketing purposes. :D

Thanks again :)

neonbit · ‎10-25-2015

Yes this is possible. You can configure the authentication timeout so that after x minutes, the user will have to re-authenticate (in your instance they will need to type in an email address again).

This can be configured under User & Device > Authentication > Authentication Timeout. The below example will force users to re-authenticate every hour.

ikoimecs · ‎02-05-2016

neonbit wrote:
Yes this is possible. You can configure the authentication timeout so that after x minutes, the user will have to re-authenticate (in your instance they will need to type in an email address again).
This can be configured under User & Device > Authentication > Authentication Timeout. The below example will force users to re-authenticate every hour.

No, it will not work. Because devices are generating traffic in the background and your authentication timeout will never happen, unless you will go out of the coverage or will switch the WiFi off for an hour.

Actually if you want users to be forced login every hour, in addition to setting Auth Timeout as shown above, you also have to switch from "idle-timeout" (default) to "hard-timeout" in global user settings:

config user setting

set auth-timeout-type {idle-timeout | hard-timeout | new-session}