Hi everybody. I'm new to the world of Fortinet and have a few questions. I am trying to integrate a FortiGate 60E w/ an all-Ubiquiti UniFi AP environment.
Current settings are as follows:
wan1 : isp
lan1: 192.168.0.0/24 (dhcp + nat enabled)
dmz_vlan: 192.168.2.0/24 (dhcp + nat enabled)
all physical unifi equipment resides on lan1 (2 switches + cloudkey controller + AP)
The UniFi controller (residing on lan1) has a hotspot feature that authenticates users w/ vouchers, so I created the following IPv4 in the attachment. It basically lets traffic from the dmz vlan to the IP of the captive portal for authentication, and allows whatever traffic the CP sends back to the user. This seems to work, as I am able to join the SSID assigned to the dmz vlan and the portal pops up. HOWEVER, even if I don't go through the captive portal authentication, the users on that SSID network are able to use the internet (my guess is because of rule #4 on the list, where I route traffic to the WAN)...
So here goes: how can I make it so that they don't have access unless authenticated by the CP? Is this something that has to be done on the UniFi controller?
Your help is much appreciated. Thank you!