Hot!Captive Portal / Password Requirement

Author
SecurityPlus
Silver Member
  • Total Posts : 95
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/08/11 18:41:34
  • Status: offline
2017/10/10 13:10:22 (permalink)
0

Captive Portal / Password Requirement

We have a hotel that wants to use a captive portal on an interface so that the user needs to agree to terms and conditions before using the internet. We see how to set this up.
 
The hotel would also like to limit this access to users that have been given a password. The hotel does not want to have to create usernames/passwords for each person, but would instead like a generic password that all users would enter to use the network. They would like to change this password twice a year.
 
Is this possible? If so how would this be accomplished?
#1

7 Replies Related Threads

    Toshi Esumi
    Gold Member
    • Total Posts : 421
    • Scores: 22
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Captive Portal / Password Requirement 2017/10/10 14:31:04 (permalink)
    0
    Check below. I used captive portal only for WiFi so far but seems to work on an interface as well.
    http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-authentication-54/CaptivePortals.htm
     
    #2
    SecurityPlus
    Silver Member
    • Total Posts : 95
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/08/11 18:41:34
    • Status: offline
    Re: Captive Portal / Password Requirement 2017/10/10 15:07:57 (permalink)
    0
    Thank you. We will continue to work through the setup and testing.
     
    This customer does not use FortiWiFi WAP's. They use older Netgear wireless access points in the hotel rooms. All are set to the same SSID's and all connected via a switch to the same FortiGate interface. Do you think that this will work for both the wired and wireless connections? I'm wondering if the wireless connections will appear to be wired connections by the time they get to the FortiGate since all the wireless issues are taken care of by the Netgear WAP's?
    #3
    Toshi Esumi
    Gold Member
    • Total Posts : 421
    • Scores: 22
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Captive Portal / Password Requirement 2017/10/10 15:27:02 (permalink)
    0
    With the current WiFi connection, the users need to type WAP PSK to get on WiFi then once they opened a browser they will see a FG's captive portal. Theoretically, if you could separate interfaces at FG, physical ports or VLANs, you would have an option not to set captive portal on the interface WiFi routers are connected to, so that WiFi users need to enter only WAP PSK, while wired users user a captive portal.
    #4
    SecurityPlus
    Silver Member
    • Total Posts : 95
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/08/11 18:41:34
    • Status: offline
    Re: Captive Portal / Password Requirement 2017/10/11 17:07:43 (permalink)
    0
    An additional question. When logging in from a Mac computer that does not have the Fortinet certificate installed on it, we sometimes get a certificate warning saying that the certificate is not trusted. Maybe other computer would react the same way but most of the computers we have tested with have the certificate already installed. As this if for hotel guests, we don't have the luxury of installing the self sighed client on all the computers.
     
    We are only doing basic anti-virus inspection and I don't think that SSL inspection is turned on. If we go to an http website first there is no issue. If we though go to an https website first we often encounter the security warning. Since more and more websites are https this is a problem.
     
    Is there any way to avoid this warning? Would installing a commercial certificate on the FortiGate prevent this issue? Thanks.
     
    #5
    SecurityPlus
    Silver Member
    • Total Posts : 95
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/08/11 18:41:34
    • Status: offline
    Re: Captive Portal / Password Requirement 2017/10/12 06:56:45 (permalink)
    0
    Toshi,
     
    You mentioned that "With the current WiFi connection, the users need to type WAP PSK". Actually the wireless is currently open, no password is needed to access it. The hotel would like to require a password and to show the user a terms and conditions page via captive portal. We modified the captive portal username/password page to include the terms and conditions.
    #6
    Baptiste
    Gold Member
    • Total Posts : 128
    • Scores: 13
    • Reward points: 0
    • Status: offline
    Re: Captive Portal / Password Requirement 2017/10/12 22:46:34 (permalink)
    0
    Hi
    If you want to redirect to FGT portal without certificate warning, you have to buy a certificate.
    If you want to use Wifi and wired connection, look at this post :
    https://forum.fortinet.com/FindPost/152165
    in summary, you can use captive portal mode (set on interface) only is you use one interface or if you use an external captive portal.
    If you want FGT to act as captive portal on several interface, you have to configure each policy that need redirection.
     
    config firewall policy
    edit <my_policy_ID>
    set auth-redirect-addr " my.fortigate.com"
    next
    end

     

    FGT 100D 5.4.5 + FTK200
    FGT 60E 5.6.2
    FGT 40C 5.0.13
    FAZ VM 5.4.0
    FAP 210B/221C/223C/321C/421E
    #7
    mikeraut@ctt.com.na
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/07/26 08:34:29
    • Status: offline
    Re: Captive Portal / Password Requirement 2017/10/14 03:03:42 (permalink)
    0
    I have the same problem as 'SecurityPlus"
    Client get frustrated as most users use a https:// as a landing/opening page
    #8
    Jump to:
    © 2017 APG vNext Commercial Version 5.5