- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Captive Portal / Password Requirement
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Captive Portal / Password Requirement
We have a hotel that wants to use a captive portal on an interface so that the user needs to agree to terms and conditions before using the internet. We see how to set this up.
The hotel would also like to limit this access to users that have been given a password. The hotel does not want to have to create usernames/passwords for each person, but would instead like a generic password that all users would enter to use the network. They would like to change this password twice a year.
Is this possible? If so how would this be accomplished?
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check below. I used captive portal only for WiFi so far but seems to work on an interface as well.
http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-authentication-54/CaptivePortals.htm
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you. We will continue to work through the setup and testing.
This customer does not use FortiWiFi WAP's. They use older Netgear wireless access points in the hotel rooms. All are set to the same SSID's and all connected via a switch to the same FortiGate interface. Do you think that this will work for both the wired and wireless connections? I'm wondering if the wireless connections will appear to be wired connections by the time they get to the FortiGate since all the wireless issues are taken care of by the Netgear WAP's?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With the current WiFi connection, the users need to type WAP PSK to get on WiFi then once they opened a browser they will see a FG's captive portal. Theoretically, if you could separate interfaces at FG, physical ports or VLANs, you would have an option not to set captive portal on the interface WiFi routers are connected to, so that WiFi users need to enter only WAP PSK, while wired users user a captive portal.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
An additional question. When logging in from a Mac computer that does not have the Fortinet certificate installed on it, we sometimes get a certificate warning saying that the certificate is not trusted. Maybe other computer would react the same way but most of the computers we have tested with have the certificate already installed. As this if for hotel guests, we don't have the luxury of installing the self sighed client on all the computers.
We are only doing basic anti-virus inspection and I don't think that SSL inspection is turned on. If we go to an http website first there is no issue. If we though go to an https website first we often encounter the security warning. Since more and more websites are https this is a problem.
Is there any way to avoid this warning? Would installing a commercial certificate on the FortiGate prevent this issue? Thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Toshi,
You mentioned that "With the current WiFi connection, the users need to type WAP PSK". Actually the wireless is currently open, no password is needed to access it. The hotel would like to require a password and to show the user a terms and conditions page via captive portal. We modified the captive portal username/password page to include the terms and conditions.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
If you want to redirect to FGT portal without certificate warning, you have to buy a certificate.
If you want to use Wifi and wired connection, look at this post :
https://forum.fortinet.com/FindPost/152165
in summary, you can use captive portal mode (set on interface) only is you use one interface or if you use an external captive portal.
If you want FGT to act as captive portal on several interface, you have to configure each policy that need redirection.
config firewall policy edit <my_policy_ID> set auth-redirect-addr " my.fortigate.com" next end
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
Top of the morning to you.
We have a similar deployment at the moment.
Please how did you implement this?
Please can you also share your sample code?
Kind regards,
Many Thanks,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have the same problem as 'SecurityPlus"
Client get frustrated as most users use a https:// as a landing/opening page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I know this thread is kind of old but we are dealing with same issue... We have various folks trying to hit an interface (a VLAN) with captive portal enabled but since not everyone has a valid SSL installed on their browser there are cert warnings.
I know when I go to a hotel and hit the WiFi I get redirected to a page (no cert warning) no matter what I type into my browser. How do they get away with this since I obviously do not have their cert installed in my browser?
Related Posts
- UniFi Controller SSID with FortiGate Captive... 492 Views
- Fortigate cloud subscription 232 Views
- FortiAuthenticator for Guest Access 640 Views
- User authentication 668 Views
- Guest WiFi with disclaimer and password 1965 Views
Labels
-
FortiGate
6,491 -
FortiClient
1,295 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
413 -
5.6
362 -
FortiSwitch
331 -
FortiAP
331 -
FortiClient EMS
260 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
149 -
6.4
128 -
FortiNAC
104 -
FortiGuard
102 -
FortiGateCloud
87 -
FortiSIEM
86 -
FortiCloud Products
82 -
IPsec
70 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
57 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
18 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
FortiAuthenticator
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSID
6 -
SSL SSH inspection
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Security profile
5 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
NAC policy
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.